SB14-209: Vulnerability Summary for the Week of July 21, 2014

Title: SB14-209: Vulnerability Summary for the Week of July 21, 2014

NCCIC / US-CERT

National Cyber Awareness System:

07/28/2014 01:44 PM EDT

Original release date: July 28, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
acme -- micro_httpd	Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.	2014年07月24日	7.8	CVE-2014-4927 BID EXPLOIT-DB MISC OSVDB
advantech -- advantech_webaccess	Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.	2014年07月19日	7.5	CVE-2014-2364
attachmate -- verastream_process_designer	Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.	2014年07月24日	10.0	CVE-2014-0607
autodesk -- sketchbook_pro	Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow.	2014年07月23日	9.3	CVE-2014-3938 MISC SECUNIA
autodesk -- sketchbook_pro	Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file.	2014年07月23日	9.3	CVE-2014-3939 MISC SECUNIA
bfgminer -- bfgminer	Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.	2014年07月23日	10.0	CVE-2014-4501 FULLDISC
bfgminer -- bfgminer	Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.	2014年07月23日	10.0	CVE-2014-4502 CONFIRM FULLDISC
blogengine -- e2	SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.	2014年07月24日	7.5	CVE-2014-4736 MISC BID BUGTRAQ
citrix -- xenserver	Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.	2014年07月22日	10.0	CVE-2014-4947 BID
cybozu -- garoon	The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.	2014年07月20日	10.0	CVE-2014-1987
cybozu -- garoon	Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.	2014年07月20日	7.5	CVE-2014-1996
elasticsearch -- logstash	Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.	2014年07月22日	7.5	CVE-2014-4326 BUGTRAQ CONFIRM
fuelphp -- fuelphp	The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.	2014年07月20日	7.5	CVE-2014-1999
gitlist -- gitlist	Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.	2014年07月22日	7.5	CVE-2013-7392 MISC MISC
gitlist -- gitlist	Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.	2014年07月22日	7.5	CVE-2014-4511 CONFIRM EXPLOIT-DB EXPLOIT-DB MISC MISC MISC
google -- chrome	The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.	2014年07月20日	7.5	CVE-2014-3160 CONFIRM CONFIRM
google -- chrome	The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.	2014年07月20日	7.5	CVE-2014-3161 CONFIRM CONFIRM
honeywell -- falcon_xlweb_linux_controller	Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.	2014年07月24日	7.6	CVE-2014-2717
joomlaboat -- com_youtubegallery	Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.	2014年07月21日	7.5	CVE-2014-4960 BID EXPLOIT-DB
limesurvey -- limesurvey	SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter.	2014年07月21日	7.5	CVE-2014-5017 MISC
mozilla -- firefox	Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.	2014年07月23日	10.0	CVE-2014-1544 CONFIRM
mozilla -- firefox	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	2014年07月23日	10.0	CVE-2014-1547 CONFIRM CONFIRM CONFIRM CONFIRM
mozilla -- firefox	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	2014年07月23日	10.0	CVE-2014-1548 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
mozilla -- firefox	The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.	2014年07月23日	9.3	CVE-2014-1549 CONFIRM
mozilla -- firefox	Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.	2014年07月23日	10.0	CVE-2014-1550 CONFIRM
mozilla -- firefox	Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.	2014年07月23日	10.0	CVE-2014-1551 CONFIRM
mozilla -- firefox	Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.	2014年07月23日	9.3	CVE-2014-1555 CONFIRM
mozilla -- firefox	Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium _javascript_ library.	2014年07月23日	9.3	CVE-2014-1556 CONFIRM
mozilla -- firefox	The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.	2014年07月23日	9.3	CVE-2014-1557 CONFIRM
oleumtech -- sensor_wireless_i/o_module	OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.	2014年07月24日	7.5	CVE-2014-2360
oleumtech -- sensor_wireless_i/o_module	OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.	2014年07月24日	7.2	CVE-2014-2361
oleumtech -- sensor_wireless_i/o_module	OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.	2014年07月24日	7.8	CVE-2014-2362
redhat -- jboss_enterprise_application_platform	The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.	2014年07月22日	7.5	CVE-2014-3530

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
advantech -- advantech_webaccess	Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.	2014年07月19日	5.5	CVE-2014-2365
advantech -- advantech_webaccess	upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.	2014年07月19日	4.0	CVE-2014-2366
advantech -- advantech_webaccess	The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.	2014年07月19日	4.3	CVE-2014-2367
advantech -- advantech_webaccess	The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.	2014年07月19日	5.0	CVE-2014-2368
apache -- http_server	The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.	2014年07月20日	4.3	CVE-2013-4352 CONFIRM CONFIRM CONFIRM
apache -- http_server	The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.	2014年07月20日	4.3	CVE-2014-0117 CONFIRM MISC CONFIRM CONFIRM CONFIRM CONFIRM
apache -- http_server	The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.	2014年07月20日	4.3	CVE-2014-0118 CONFIRM CONFIRM CONFIRM
apache -- http_server	Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.	2014年07月20日	6.8	CVE-2014-0226 CONFIRM MISC CONFIRM CONFIRM CONFIRM CONFIRM
apache -- http_server	The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.	2014年07月20日	5.0	CVE-2014-0231 CONFIRM CONFIRM CONFIRM CONFIRM
apache -- http_server	Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.	2014年07月20日	5.0	CVE-2014-3523 CONFIRM CONFIRM
canonical -- acpi-support	Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.	2014年07月24日	6.9	CVE-2014-1419 CONFIRM
cgminer_project -- cgminer	The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.	2014年07月23日	4.3	CVE-2014-4503 FULLDISC
cisco -- asr_9000_rsp440_router	Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.	2014年07月24日	6.1	CVE-2014-3322
cisco -- unified_customer_voice_portal	Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.	2014年07月19日	4.3	CVE-2014-3325
citrix -- xenserver	Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).	2014年07月22日	6.4	CVE-2014-4948 BID
cybozu -- garoon	The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.	2014年07月20日	4.0	CVE-2014-1993
dell -- sonicwall_analyzer	Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.	2014年07月24日	4.3	CVE-2014-5024 BID FULLDISC MISC
drupal -- drupal	The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.	2014年07月22日	5.0	CVE-2014-5019 DEBIAN
drupal -- drupal	The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.	2014年07月22日	4.9	CVE-2014-5020 DEBIAN
drupal -- drupal	Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.	2014年07月22日	4.3	CVE-2014-5022 DEBIAN
e107 -- e107	Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.	2014年07月21日	4.3	CVE-2014-4734 MISC CONFIRM BID BUGTRAQ
emc -- recoverpoint_appliance	The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports.	2014年07月19日	5.8	CVE-2014-2519 BUGTRAQ
entity_api_module_project -- entity_api_module	The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector.	2014年07月19日	4.0	CVE-2013-4273 CONFIRM MLIST
entity_api_module_project -- entity_api_module	The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations.	2014年07月19日	5.0	CVE-2013-7391 MLIST
eterna -- bozohttpd	bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.	2014年07月24日	5.0	CVE-2014-5015 XF BID OSVDB CONFIRM MLIST
gitlist -- gitlist	Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.	2014年07月22日	6.8	CVE-2014-5023 MISC
google -- chrome	The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.	2014年07月20日	6.4	CVE-2014-3159 CONFIRM CONFIRM
google -- chrome	Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.	2014年07月20日	5.0	CVE-2014-3162 CONFIRM
honeywell -- falcon_xlweb_linux_controller	Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.	2014年07月24日	4.3	CVE-2014-3110
huawei -- e355_web_ui	Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.	2014年07月24日	4.3	CVE-2014-2968
ibm -- storwize_unified_v7000_software	IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account.	2014年07月19日	6.5	CVE-2014-3043
ibm -- infosphere_master_data_management_collaboration_server	The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to read arbitrary files via a crafted UNIX file parameter.	2014年07月19日	6.3	CVE-2014-3064 XF
limesurvey -- limesurvey	Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality.	2014年07月21日	4.3	CVE-2014-5016 MISC
limesurvey -- limesurvey	Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.	2014年07月21日	4.3	CVE-2014-5018 MISC
linux -- linux_kernel	The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.	2014年07月19日	6.9	CVE-2014-4943 CONFIRM CONFIRM MLIST
mit -- kerberos	MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.	2014年07月20日	5.0	CVE-2014-4341 CONFIRM
mit -- kerberos	MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.	2014年07月20日	5.0	CVE-2014-4342 CONFIRM
mozilla -- firefox	Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.	2014年07月23日	5.8	CVE-2014-1552 CONFIRM
mozilla -- firefox	Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.	2014年07月23日	4.3	CVE-2014-1558 CONFIRM
mozilla -- firefox	Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.	2014年07月23日	4.3	CVE-2014-1559 CONFIRM
mozilla -- firefox	Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.	2014年07月23日	4.3	CVE-2014-1560 CONFIRM
mozilla -- firefox	Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted _javascript_ code that is encountered during (1) page, (2) panel, or (3) toolbar customization.	2014年07月23日	5.8	CVE-2014-1561 CONFIRM CONFIRM
nexatechnologies -- meridian	Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2014年07月20日	4.3	CVE-2014-3892
nextapp -- file_explorer	Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.	2014年07月20日	5.0	CVE-2014-1973
octavocms -- octavocms	Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter.	2014年07月19日	4.3	CVE-2014-4331 BID BUGTRAQ VIM
omeka -- omeka	Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.	2014年07月25日	6.8	CVE-2014-5100 XF XF MISC MISC BID EXPLOIT-DB MISC
omron -- ns10_hmi_terminal	Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.	2014年07月24日	6.0	CVE-2014-2369
openstack -- neutron	OpenStack Neutron before 2013年2月4日, 2014.x before 2014年1月2日, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.	2014年07月23日	4.0	CVE-2014-3555 MISC BID MLIST
php_kobo -- multifunctional_mailform_free	Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014年1月28日 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header.	2014年07月20日	4.3	CVE-2014-3894
phpmyadmin -- phpmyadmin	server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.	2014年07月20日	4.0	CVE-2014-4987 CONFIRM
polarssl -- polarssl	The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.	2014年07月22日	5.0	CVE-2014-4911 DEBIAN
redhat -- enterprise_mrg	Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.	2014年07月19日	5.0	CVE-2012-2682 CONFIRM
redhat -- jboss_enterprise_application_platform	jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.	2014年07月22日	6.8	CVE-2014-3518
reviewboard -- review_board	Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.	2014年07月25日	4.3	CVE-2014-5027 BID MLIST MLIST
siemens -- simatic_pcs7	The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.	2014年07月24日	5.0	CVE-2014-4682
siemens -- simatic_pcs7	The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.	2014年07月24日	4.9	CVE-2014-4683
siemens -- simatic_pcs7	The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.	2014年07月24日	6.0	CVE-2014-4684
siemens -- simatic_pcs7	Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.	2014年07月24日	4.6	CVE-2014-4685
siemens -- simatic_pcs7	The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.	2014年07月24日	6.8	CVE-2014-4686
sophos -- anti-virus	Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure.	2014年07月22日	4.3	CVE-2014-2385 MISC SECTRACK FULLDISC
tenable -- nessus	The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.	2014年07月23日	5.0	CVE-2014-4980 SECTRACK BID BUGTRAQ OSVDB MISC MISC
ubnt -- unifi_video	The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.	2014年07月25日	6.0	CVE-2014-2227 BID MISC FULLDISC
webmin -- usermin	Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.	2014年07月20日	4.3	CVE-2014-3884
webmin -- webmin	Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.	2014年07月20日	4.3	CVE-2014-3885
x -- xf86-video-intel	Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.	2014年07月24日	4.6	CVE-2014-4910 XF MLIST MLIST OSVDB MLIST

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apple -- cups	The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.	2014年07月23日	1.2	CVE-2014-3537 CONFIRM UBUNTU SECTRACK CONFIRM SECUNIA FEDORA
cybozu -- garoon	Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	2014年07月20日	3.5	CVE-2014-1992
cybozu -- garoon	Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	2014年07月20日	3.5	CVE-2014-1994
cybozu -- garoon	Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	2014年07月20日	3.5	CVE-2014-1995
d-bus_project -- d-bus	dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.	2014年07月19日	2.1	CVE-2014-3532 DEBIAN SECUNIA MLIST
d-bus_project -- d-bus	dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.	2014年07月19日	2.1	CVE-2014-3533 CONFIRM DEBIAN SECUNIA MLIST
drupal -- drupal	Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.	2014年07月22日	2.1	CVE-2014-5021 DEBIAN
ibm -- infosphere_master_data_management_collaboration_server	Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.	2014年07月19日	3.5	CVE-2014-0967 XF
ibm -- infosphere_master_data_management_collaboration_server	Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document.	2014年07月19日	3.5	CVE-2014-0968 XF
ibm -- infosphere_master_data_management_collaboration_server	The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors.	2014年07月19日	3.5	CVE-2014-0970 XF
ibm -- scale_out_network_attached_storage	IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access.	2014年07月19日	1.7	CVE-2014-3045
micropact -- icomplaints	Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter.	2014年07月24日	3.5	CVE-2014-2971
omron -- ns10_hmi_terminal	Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.	2014年07月24日	3.5	CVE-2014-2370
phpmyadmin -- phpmyadmin	Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.	2014年07月20日	3.5	CVE-2014-4954 CONFIRM
phpmyadmin -- phpmyadmin	Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.	2014年07月20日	3.5	CVE-2014-4955 CONFIRM
phpmyadmin -- phpmyadmin	Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.	2014年07月20日	3.5	CVE-2014-4986 CONFIRM
webmin -- webmin	Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.	2014年07月20日	2.6	CVE-2014-3886

This product is provided subject to this Notification and this Privacy & Use policy.

OTHER RESOURCES:

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 Powered by GovDelivery