SB14-342: Vulnerability Summary for the Week of December 1, 2014

Title: SB14-342: Vulnerability Summary for the Week of December 1, 2014

NCCIC / US-CERT

National Cyber Awareness System:

12/08/2014 01:33 PM EST

Original release date: December 08, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
canto -- canto_curses	canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.	2014年12月03日	7.5	CVE-2013-7416 CONFIRM CONFIRM XF BID MLIST MLIST
cchgroup -- prosystem_fx_engagement	CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement,円 which allows local users to obtain LocalSystem privileges via a Trojan horse file.	2014年12月02日	7.2	CVE-2014-9113 MISC EXPLOIT-DB MISC
creative_minds -- cm_download_manager	The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.	2014年12月05日	10.0	CVE-2014-8877 CONFIRM BID BUGTRAQ MISC MISC
fujitsu -- arrows_kiss_f-03d	FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors.	2014年12月05日	7.2	CVE-2014-7253
google_doc_embedder_project -- google_doc_embedder	SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.	2014年12月02日	7.5	CVE-2014-9173 CONFIRM XF EXPLOIT-DB MISC OSVDB
graphviz -- graphviz	Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.	2014年12月03日	7.5	CVE-2014-9157 CONFIRM XF BID SECUNIA MLIST MLIST
hikvision -- dvr_ds-7204_firmware	Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.	2014年12月08日	7.5	CVE-2014-4880 EXPLOIT-DB MISC
huawei -- p2-6011_firmware	The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors.	2014年12月05日	7.2	CVE-2014-2273 MISC XF BID
huawei -- honor_cube_wireless_router_ws860s	Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.	2014年12月03日	10.0	CVE-2014-9134 BID
internet_initiative_japan -- seil_b1_firmware	The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc. SEIL series routers SEIL/x86 Fuji 1.00 through 3.22; SEIL/X1, SEIL/X2, and SEIL/B1 1.00 through 4.62; SEIL/Turbo 1.82 through 2.18; and SEIL/neu 2FE Plus 1.82 through 2.18 allow remote attackers to cause a denial of service (restart) via crafted (a) GRE or (b) MPPE packets.	2014年12月05日	7.8	CVE-2014-7256 JVNDB JVN
invisionpower -- invision_power_board	SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.	2014年12月03日	7.5	CVE-2014-9239 FULLDISC
lsyncd_project -- lsyncd	default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.	2014年12月05日	7.5	CVE-2014-8990 CONFIRM CONFIRM CONFIRM BID MLIST MLIST FEDORA FEDORA
manageengine -- desktop_central	SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.	2014年12月05日	7.5	CVE-2014-3996 MISC MISC FULLDISC
manageengine -- it360	SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.	2014年12月05日	7.5	CVE-2014-3997 MISC MISC FULLDISC
mybb -- mybb	SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.	2014年12月03日	7.5	CVE-2014-9240 MISC
openvas -- openvas_manager	SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.	2014年12月02日	7.5	CVE-2014-9220 MLIST
ossec -- ossec	host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.	2014年12月01日	7.2	CVE-2014-5284 EXPLOIT-DB MISC
pbboard -- pbboard	SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2.	2014年12月05日	7.5	CVE-2014-9215 MISC BUGTRAQ MISC
proticaret -- proticaret	SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.	2014年12月03日	7.5	CVE-2014-9237 FULLDISC MISC
services_project -- services	The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.	2014年12月01日	7.5	CVE-2014-9151
services_project -- services	The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack.	2014年12月01日	7.5	CVE-2014-9152
smartypantsplugins -- sp_project_&_document_manager	Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.	2014年12月02日	7.5	CVE-2014-9178 XF BUGTRAQ MISC EXPLOIT-DB MISC
subex -- roc_fraud_management_system	SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.	2014年12月02日	7.5	CVE-2014-8728 EXPLOIT-DB
technicolor -- td5130_router_firmware	Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).	2014年12月05日	7.5	CVE-2014-9144 BUGTRAQ EXPLOIT-DB MISC
thomsonreuters -- fixed_assets_cs	The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.	2014年12月02日	7.2	CVE-2014-9141 MISC
websitebaker -- websitebaker	SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.	2014年12月03日	7.5	CVE-2014-9242 FULLDISC MISC
wpdatatables -- wpdatatables	SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.	2014年12月02日	7.5	CVE-2014-9175 XF BID MISC EXPLOIT-DB MISC
zohocorp -- manageengine_opmanager	Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.	2014年12月04日	7.5	CVE-2014-6035 MISC FULLDISC
zohocorp -- manageengine_it360	SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter.	2014年12月04日	7.5	CVE-2014-7867
zohocorp -- manageengine_it360	Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.	2014年12月04日	7.5	CVE-2014-7868 MISC FULLDISC
zte -- zxdsl	ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.	2014年12月02日	10.0	CVE-2014-9183 MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
ad-manager_project -- ad-manager	Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter.	2014年12月02日	4.3	CVE-2014-8754 XF MISC FULLDISC MISC
adobe -- acrobat	Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.	2014年11月29日	6.4	CVE-2014-9150 MISC
ait-pro -- bulletproof_security	Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.	2014年12月01日	5.0	CVE-2014-8749 FULLDISC
altitude -- altitude_unified_customer_interaction	Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section.	2014年12月05日	4.3	CVE-2014-9212 MISC
anchorcms -- anchor_cms	models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.	2014年12月02日	4.3	CVE-2014-9182 MISC
antiword_project -- antiword	Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document.	2014年12月05日	5.0	CVE-2014-8123 BID MLIST MLIST
apache -- hadoop	The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.	2014年12月05日	5.0	CVE-2014-3627 SECUNIA SECUNIA
avatar_uploader_project -- avatar_uploader	Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.	2014年12月01日	4.0	CVE-2014-9155
clamav -- clamav	Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.95.4 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.	2014年12月01日	5.0	CVE-2014-9050 CONFIRM BID MLIST SECUNIA SECUNIA FEDORA
creative_minds -- cm_download_manager	Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.	2014年12月05日	6.8	CVE-2014-9129 BID BUGTRAQ MISC
d-link -- dcs-2103_hd_cube_network_camera_firmware	Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.	2014年12月03日	5.0	CVE-2014-9234 FULLDISC MISC
d-link -- dcs-2103_hd_cube_network_camera_firmware	D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character.	2014年12月03日	5.0	CVE-2014-9238 FULLDISC MISC
eleanor-cms -- eleanor_cms	Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.	2014年12月02日	5.0	CVE-2014-9180 MISC
emc -- rsa_adaptive_authentication_on-premise	RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.	2014年12月08日	5.0	CVE-2014-4631 XF SECTRACK BID BUGTRAQ
f5 -- big-ip	Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation.	2014年12月08日	4.3	CVE-2014-9342 BUGTRAQ
fasttoggle_project -- fasttoggle	The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link.	2014年12月01日	5.8	CVE-2014-5268
filefield_project -- filefield	The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.	2014年12月01日	4.0	CVE-2014-9156
fujitsu -- arrows_tab_lte_f-01d	Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and "improper data validation."	2014年12月05日	4.6	CVE-2014-7252 JVNDB JVN MISC MISC
fujitsu -- arrows_me_f-11d	Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors.	2014年12月05日	4.6	CVE-2014-7254 JVNDB JVN MISC
gleamtech -- filevista	GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.	2014年12月02日	4.0	CVE-2014-8788 CONFIRM FULLDISC MISC
gleamtech -- filevista	GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.	2014年12月02日	6.5	CVE-2014-8789 CONFIRM FULLDISC MISC
gnu -- glibc	iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.	2014年12月05日	5.0	CVE-2012-6656 CONFIRM CONFIRM BID MLIST MLIST MANDRIVA
gnu -- glibc	GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.	2014年12月05日	5.0	CVE-2014-6040 CONFIRM CONFIRM BID MLIST MLIST MANDRIVA
gnu -- cpio	Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.	2014年12月02日	5.0	CVE-2014-9112 MISC MLIST MLIST MLIST SECUNIA FULLDISC
ibm -- java	Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.	2014年12月01日	6.9	CVE-2014-3065 CONFIRM BID REDHAT REDHAT REDHAT REDHAT REDHAT
ibm -- java	IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.	2014年12月01日	6.4	CVE-2014-3068 CONFIRM XF
icecast -- icecast	Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.	2014年12月03日	5.0	CVE-2014-9018 CONFIRM CONFIRM XF BID MLIST MLIST MANDRIVA CONFIRM
infoware -- mapsuite	Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors.	2014年12月01日	5.0	CVE-2014-2232 MISC
infoware -- mapsuite	Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors.	2014年12月01日	5.0	CVE-2014-2233 MISC
instasqueeze -- sexy_squeeze_pages	Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.	2014年12月02日	4.3	CVE-2014-9176 XF MISC MISC
internet_initiative_japan -- seil_b1_firmware	Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent.	2014年12月05日	5.0	CVE-2014-7255 JVNDB JVN
kde -- kde-runtime	Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.	2014年12月08日	4.3	CVE-2014-8600 MISC BID FULLDISC
kennziffer -- ke_questionnaire	The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request.	2014年12月02日	5.0	CVE-2014-8874 MISC BUGTRAQ FULLDISC
kent-web -- clip_board	Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2014年12月05日	4.3	CVE-2014-7258 CONFIRM JVNDB JVN
lg_electronics -- l-03e	LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors.	2014年12月05日	5.0	CVE-2014-7243 JVNDB JVN MISC
libksba_project -- libskba	Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.	2014年12月01日	5.0	CVE-2014-9087 MISC SECUNIA SECUNIA SECUNIA MLIST
linux -- linux_kernel	Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842.	2014年11月29日	4.9	CVE-2010-5313 CONFIRM
linux -- linux_kernel	The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.	2014年11月29日	5.0	CVE-2014-3688 CONFIRM CONFIRM UBUNTU UBUNTU MLIST CONFIRM DEBIAN CONFIRM
linux -- linux_kernel	The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.	2014年11月29日	5.0	CVE-2014-7841 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux -- linux_kernel	Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.	2014年11月29日	4.9	CVE-2014-7842 MLIST
linux -- linux_kernel	The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.	2014年11月29日	4.9	CVE-2014-7843 MLIST
linux -- linux_kernel	Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.	2014年11月29日	6.1	CVE-2014-8884 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux -- linux_kernel	The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.	2014年11月29日	4.6	CVE-2014-8989 MLIST CONFIRM
linux -- linux_kernel	The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.	2014年11月29日	4.9	CVE-2014-9090 MLIST
modx -- modx_revolution	MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.	2014年12月03日	6.8	CVE-2014-8773 MISC CONFIRM
modx -- modx_revolution	Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.	2014年12月03日	4.3	CVE-2014-8774 MISC CONFIRM
modx -- modx_revolution	MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.	2014年12月03日	5.0	CVE-2014-8775 MISC CONFIRM
mutt -- mutt	The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.	2014年12月02日	5.0	CVE-2014-9116 CONFIRM CONFIRM SECTRACK BID MLIST MLIST CONFIRM
mybb -- mybb	Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.	2014年12月03日	4.3	CVE-2014-9241 MISC
nextendweb -- nextend_facebook_connect	Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.	2014年12月05日	4.3	CVE-2014-8800 EXPLOIT-DB MISC OSVDB
notify_project -- notify	The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.	2014年12月01日	4.0	CVE-2014-9154
open-xchange -- open-xchange_appsuite	Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.	2014年12月01日	4.3	CVE-2014-5237 BUGTRAQ CONFIRM MISC
openvpn -- openvpn	OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.	2014年12月03日	6.8	CVE-2014-8104 CONFIRM UBUNTU
phpmyadmin -- phpmyadmin	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page.	2014年11月30日	4.3	CVE-2014-8958
phpmyadmin -- phpmyadmin	Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.	2014年11月30日	6.5	CVE-2014-8959 CONFIRM
phpmyadmin -- phpmyadmin	Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.	2014年11月30日	4.0	CVE-2014-8961
phpmyadmin -- phpmyadmin	libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.	2014年12月08日	5.0	CVE-2014-9218 CONFIRM CONFIRM CONFIRM XF CONFIRM
phpmyadmin -- phpmyadmin	Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.	2014年12月08日	4.3	CVE-2014-9219 CONFIRM XF
plex -- plex_media_server	Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.	2014年12月02日	5.0	CVE-2014-9181 MISC BUGTRAQ
redhat -- packstack	OpenStack PackStack 2012年2月1日, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions.	2014年12月01日	5.0	CVE-2014-3703
redhat -- tcpdump	Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.	2014年12月05日	5.0	CVE-2014-9140 CONFIRM MLIST
services_project -- services	Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response.	2014年12月01日	4.3	CVE-2014-9153
springshare -- libcal	Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter.	2014年12月01日	4.3	CVE-2014-7291 XF MISC FULLDISC
square_enix_co_ltd -- kaku_san_sei_million_aruthur	SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores "product credentials" on the SD card, which allows attackers to gain privileges via a crafted application.	2014年12月05日	5.0	CVE-2014-7259 JVNDB JVN
sunhater -- kcfinder	Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file.	2014年12月02日	4.3	CVE-2014-3988 CONFIRM
supportezzy_ticket_system_project -- supportezzy_ticket_system	Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.	2014年12月02日	4.0	CVE-2014-9179 MISC
svnlabs -- html5_mp3_player_with_playlist_free	The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php.	2014年12月02日	5.0	CVE-2014-9177 XF MISC MISC
technicolor -- td5130_router_firmware	Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.	2014年12月05日	4.3	CVE-2014-9142 BUGTRAQ EXPLOIT-DB MISC
technicolor -- td5130_router_firmware	Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.	2014年12月05日	4.3	CVE-2014-9143 BUGTRAQ EXPLOIT-DB MISC
torch_gmbh -- graylog2	Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.	2014年12月08日	5.0	CVE-2014-9217
tuleap -- tuleap	project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.	2014年12月01日	6.0	CVE-2014-8791 BID BUGTRAQ FULLDISC MISC MISC
undertow_project -- undertow	Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.	2014年12月01日	5.0	CVE-2014-7816 BID MLIST
vmware -- vcenter_server_appliance	Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2014年12月08日	4.3	CVE-2014-3797 BUGTRAQ FULLDISC
vmware -- vcenter_server_appliance	VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.	2014年12月08日	4.3	CVE-2014-8371 BUGTRAQ FULLDISC
websitebaker -- websitebaker	Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/.	2014年12月03日	4.3	CVE-2014-9243 FULLDISC MISC
x3cms -- x3_cms	Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors.	2014年12月03日	6.8	CVE-2014-8771 MISC
xen -- xen	The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.	2014年12月01日	4.9	CVE-2014-8866 BID SECUNIA
xen -- xen	The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.	2014年12月01日	4.9	CVE-2014-8867 BID SECUNIA
yoast -- google_analytics	Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" (manual_ua_code_field) field in the General Settings.	2014年12月02日	4.3	CVE-2014-9174 MISC CONFIRM BID
zohocorp -- manageengine_it360	Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.	2014年12月04日	5.0	CVE-2014-5445 CONFIRM MISC MISC XF BID BUGTRAQ BUGTRAQ FULLDISC
zohocorp -- manageengine_it360	Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.	2014年12月04日	5.0	CVE-2014-5446 MISC XF BID BUGTRAQ BUGTRAQ FULLDISC MISC
zohocorp -- manageengine_it360	Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.	2014年12月04日	5.0	CVE-2014-6034 MISC FULLDISC
zohocorp -- manageengine_it360	Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.	2014年12月04日	6.4	CVE-2014-6036 MISC FULLDISC
zoph -- zoph	Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.	2014年12月03日	6.5	CVE-2014-9235 FULLDISC MISC
zoph -- zoph	Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.	2014年12月03日	4.3	CVE-2014-9236 FULLDISC MISC
zte -- zxdsl	ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.	2014年12月02日	5.0	CVE-2014-9184 MISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
clamav -- clamav	clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.	2014年12月01日	2.1	CVE-2013-6497 CONFIRM XF UBUNTU BID MLIST MLIST MANDRIVA SECUNIA SECUNIA FEDORA FEDORA
fedup_project -- fedup	fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).	2014年12月01日	2.1	CVE-2013-6494 BID FEDORA
nagios -- nagios	The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.	2014年12月05日	2.1	CVE-2014-4701 SUSE MLIST EXPLOIT-DB SECUNIA SECUNIA FULLDISC MISC
nagios -- nagios	The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.	2014年12月05日	2.1	CVE-2014-4702 SUSE MLIST SECUNIA SECUNIA
nagios -- nagios	lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.	2014年12月05日	2.1	CVE-2014-4703 MLIST FULLDISC
phpmyadmin -- phpmyadmin	Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.	2014年11月30日	3.5	CVE-2014-8960 CONFIRM
redhat -- enterprise_virtualization	The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.	2014年12月05日	2.1	CVE-2014-3561 XF SECTRACK
x3cms -- x3_cms	Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.	2014年12月03日	3.5	CVE-2014-8772 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

OTHER RESOURCES:

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 Powered by GovDelivery