VARIoT IoT vulnerabilities database
| VAR-201407-0600 | CVE-2014-4671 | Adobe Flash Player and Adobe AIR Vulnerable to cross-site request forgery attacks |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. Adobe Flash Player and Adobe AIR are prone to an unspecified security vulnerability.
Note: The impact of this issue is currently unknown. We will update this BID when more information emerges. The vulnerability stems from the fact that the program does not restrict the SWF file format.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.394"
References
==========
[ 1 ] CVE-2014-0537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0537
[ 2 ] CVE-2014-0539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0539
[ 3 ] CVE-2014-4671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4671
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0860-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0860.html
Issue date: 2014-07-09
CVE Names: CVE-2014-0537 CVE-2014-0539 CVE-2014-4671
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-17,
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0537, CVE-2014-0539)
This update also fixes a flaw that would lead to Cross-Site Request Forgery
(CSRF) attacks. (CVE-2014-4671)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.394.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1117586 - CVE-2014-0537 CVE-2014-0539 flash-plugin: security protection bypass (APSB14-17)
1117588 - CVE-2014-4671 flash-plugin: vulnerable JSONP callback APIs issue (APSB14-17)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.394-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.394-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.394-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.394-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.394-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.394-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.394-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.394-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.394-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.394-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0537.html
https://www.redhat.com/security/data/cve/CVE-2014-0539.html
https://www.redhat.com/security/data/cve/CVE-2014-4671.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-17.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTvWIcXlSAg2UNWIIRArr2AJwJyNpz/+Ec1y8LhYAkqBKM1ZZXBACfZtYB
gBDt4W/WHbfPbMm4yjzv5Qk=
=+esp
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201407-0069 | CVE-2014-0539 | Adobe Flash Player and Adobe AIR Vulnerable to access restrictions |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537. This vulnerability CVE-2014-0537 Is a different vulnerability.An attacker may be able to bypass access restrictions.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Security flaws exist in several Adobe products.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.394"
References
==========
[ 1 ] CVE-2014-0537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0537
[ 2 ] CVE-2014-0539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0539
[ 3 ] CVE-2014-4671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4671
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0860-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0860.html
Issue date: 2014-07-09
CVE Names: CVE-2014-0537 CVE-2014-0539 CVE-2014-4671
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-17,
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0537, CVE-2014-0539)
This update also fixes a flaw that would lead to Cross-Site Request Forgery
(CSRF) attacks. (CVE-2014-4671)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.394.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1117586 - CVE-2014-0537 CVE-2014-0539 flash-plugin: security protection bypass (APSB14-17)
1117588 - CVE-2014-4671 flash-plugin: vulnerable JSONP callback APIs issue (APSB14-17)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.394-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.394-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.394-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.394-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.394-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.394-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.394-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.394-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.394-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.394-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0537.html
https://www.redhat.com/security/data/cve/CVE-2014-0539.html
https://www.redhat.com/security/data/cve/CVE-2014-4671.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-17.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTvWIcXlSAg2UNWIIRArr2AJwJyNpz/+Ec1y8LhYAkqBKM1ZZXBACfZtYB
gBDt4W/WHbfPbMm4yjzv5Qk=
=+esp
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201407-0068 | CVE-2014-0537 | Adobe Flash Player and Adobe AIR Vulnerable to access restrictions |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539. This vulnerability CVE-2014-0539 Is a different vulnerability.An attacker may be able to bypass access restrictions.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Security flaws exist in several Adobe products.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.394"
References
==========
[ 1 ] CVE-2014-0537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0537
[ 2 ] CVE-2014-0539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0539
[ 3 ] CVE-2014-4671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4671
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0860-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0860.html
Issue date: 2014-07-09
CVE Names: CVE-2014-0537 CVE-2014-0539 CVE-2014-4671
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-17,
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0537, CVE-2014-0539)
This update also fixes a flaw that would lead to Cross-Site Request Forgery
(CSRF) attacks. (CVE-2014-4671)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.394.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1117586 - CVE-2014-0537 CVE-2014-0539 flash-plugin: security protection bypass (APSB14-17)
1117588 - CVE-2014-4671 flash-plugin: vulnerable JSONP callback APIs issue (APSB14-17)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.394-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.394-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.394-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.394-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.394-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.394-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.394-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.394-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.394-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.394-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0537.html
https://www.redhat.com/security/data/cve/CVE-2014-0539.html
https://www.redhat.com/security/data/cve/CVE-2014-4671.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-17.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTvWIcXlSAg2UNWIIRArr2AJwJyNpz/+Ec1y8LhYAkqBKM1ZZXBACfZtYB
gBDt4W/WHbfPbMm4yjzv5Qk=
=+esp
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201407-0714 | No CVE | SYAC TB DigiEye 3G product backdoor unauthorized access vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
SYAC TB DigiEye 3G is a 3G wireless solution device.
SYAC TB DigiEye 3G includes a backdoor service that listens to TCP port 7339. TECHBOARD SYAC TB DigiEye 3G Products is a set of digital security management system that provides remote management, alarm and communication for video and audio of Italian TECHBOARD company.
An unauthorized access vulnerability exists in TECHBOARD SYAC TB DigiEye 3G Products. A remote attacker could use this vulnerability to execute arbitrary commands on the affected device with root privileges. This may aid in further attacks
| VAR-201407-0492 | CVE-2014-3888 |
Yokogawa Multiple products 'BKFSim_vhfd.exe' Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201407-0158 |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA The product contains a buffer overflow vulnerability. This vulnerability JVNVU#98181377 Is different. JVNVU#98181377 http://jvn.jp/vu/JVNVU98181377/index.htmlIf a specially crafted packet is processed while the extended test function is running, the process may stop. In some cases, arbitrary code may be executed with the privileges of the user running the product. Yokogawa Corporation (YOKOGAWA) is a world-renowned leader in measurement, industrial automation control, and information systems. There are buffer overflow vulnerabilities in Yokogawa's multiple products 'BKFSim_vhfd.exe'. Since the sub_403E10\" (IDA notation) function in multiple YOKOGAWA products \"BKFSim_vhfd.exe\" service is used for logging functions, the function uses user controllable data to create logs. Using similar vsprintf and memcpy functions can cause an attacker to trigger a buffer overflow, which can crash an application or execute arbitrary code in the context of an application. Multiple Yokogawa Products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server
| VAR-201407-0439 | CVE-2014-2969 | Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi. Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials. (CWE-798). An attacker could exploit this vulnerability to bypass the authentication mechanism and access the affected device without authorization. This may aid in further attacks. The vulnerability is caused by the use of a hard-coded password (debugpassword) for the ntgruser account
| VAR-201407-0372 | CVE-2014-3308 | Cisco IOS XR Software Static Punt Policer Denial of Service Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985. Vendors have confirmed this vulnerability Bug ID CSCun83985 It is released as.A third party can send a large number of crafted packets to disrupt service operations. (CPU Resource consumption ) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. On the Trident line card of the Cisco ASR 9000 series router, there is a security hole in the implementation of punt-police. Cisco IOS XR is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCun83985. The vulnerability stems from the lack of a static punt policer in the software
| VAR-201912-1656 | CVE-2014-3136 | D-Link DWR-113 Firmware vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. D-Link DWR-113 Contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The D-link DWR-113 Wireless Router is a wireless router. D-link DWR-113 Wireless Router has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context, such as modifying configurations.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
D-Link DWR-113 running firmware 2.02 is vulnerable; other versions may also be affected
| VAR-201407-0509 | CVE-2014-2197 | Cisco Unified CDM Application Software of Cisco Unified Communications Domain Manager Vulnerabilities that change administrator credentials |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. Vendors report this vulnerability Bug ID CSCun49862 Published as.Crafted by a remotely authenticated user URL Via, the administrator credentials may be changed.
An attacker can leverage this issue to escalate privileges and gain administrative access on an affected computer.
This issue is being tracked by Cisco Bug ID CSCun49862. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The vulnerability is caused by the incorrect implementation of access control in the program. A remote attacker could exploit this vulnerability by submitting a specially crafted URL to modify administrative credentials
| VAR-201407-0510 | CVE-2014-2198 | Cisco Unified CDM Platform Software of Cisco Unified Communications Domain Manager Vulnerabilities that gain access |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130.
Successfully exploiting this issue may allow an attacker to access the system with the privileges of the root user that may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCud41130. This component features scalable, distributed, and highly available enterprise Voice over IP call processing
| VAR-201407-0365 | CVE-2014-3300 | Cisco Unified CDM Application Software of Cisco Unified Communications Domain Manager Vulnerability in changing user information |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041. Vendors have confirmed this vulnerability Bug ID CSCum77041 It is released as.Skillfully crafted by a third party URL Via, user information may be changed.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions.
This issue is being tracked by Cisco Bug ID CSCum77041. This component features scalable, distributed, and highly available enterprise Voice over IP call processing
| VAR-201407-0493 | CVE-2014-3889 | SX-2000WG vulnerable to denial-of-service (DoS) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different vulnerability than CVE-2014-3890. SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives (HDD). SX-2000WG contains an issue in the processing of TCP Option header, which may cause a denial-of-service (DoS). Note that this vulnerability is different from JVN#35998716. Network Security Class Students, Teaching Assistants, and Mentors of Security Camp 2013 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may cause the product to stop responding. Silex SX-2000WG is a USB print server from China's Silex. A denial of service vulnerability exists in Silex SX-2000WG. Sx-2000Wg Firmware is prone to a denial-of-service vulnerability
| VAR-201407-0494 | CVE-2014-3890 | SX-2000WG vulnerable to denial-of-service (DoS) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889. SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives (HDD). SX-2000WG contains an issue in the processing of IP packets, which may cause a denial-of-service (DoS). Note that this vulnerability is different from JVN#85571806. Network Security Class Students, Teaching Assistants, and Mentors of Security Camp 2013 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may cause the product to stop responding. Sx-2000Wg Firmware is prone to a remote security vulnerability. Silex SX-2000WG is a USB print server produced by China Silex Company
| VAR-201704-0456 | CVE-2014-3887 | I-O DATA DEVICE RockDisk Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser. I-ODATADEVICERockDisk is a network storage (NAS) device from I-ODATADEVICE, Japan
| VAR-201407-0363 | CVE-2014-3297 | Cisco Cloud Portal of Cisco Intelligent Automation for Cloud Vulnerability in which important information is obtained |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.
An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks.
These issues is being tracked by Cisco BugIds CSCui36937, CSCui37004 and CSCui36927. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures
| VAR-201407-0364 | CVE-2014-3298 | Cisco Cloud Portal of Cisco Intelligent Automation for Cloud of Form Data Viewer Vulnerability in which important information is obtained |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976. Cisco Cloud Portal is prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to passwords that may aid in further attacks.
These issues are being tracked by Cisco BugId CSCui36976. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures
| VAR-201407-0371 | CVE-2014-3307 | Cisco Small Cell Run on product Universal Small Cell Firmware DHCP Arbitrary command execution vulnerability in client implementation |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513. Vendors have confirmed this vulnerability Bug ID CSCup47513 It is released as. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlSkillfully crafted by a third party DHCP Arbitrary commands may be executed via messages.
An attacker can exploit this issue to execute arbitrary commands and completely compromise the affected device
| VAR-201409-1257 | No CVE | Multiple TP-LINK Router Input Validation Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
TP-Link is a well-known supplier of network and communication equipment. Multiple TP-LINK routers have request forgery, cross-site scripting, and HTML injection vulnerabilities due to insufficient filtering of user-supplied input. An attacker could exploit this vulnerability to perform certain unauthorized actions, execute arbitrary scripts or HTML code, or steal cookie-based authentication certificates in the affected site's uninformed user's browser. Other attacks are also possible
| VAR-202002-0805 | CVE-2014-3919 | Netgear CG3100 Cross-site scripting vulnerabilities in devices |
CVSS V2: 4.3 CVSS V3: 9.3 Severity: CRITICAL |
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. Netgear CG3100 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. The NETGEAR CG3100 Wireless Gigabit Gateway provides the ultimate in network performance for home and small businesses. NETGEAR CG3100 '/goform/VooControle' has a cross-site request forgery vulnerability, HTTP send request / goform / VooControle does not require multiple steps, explicit confirmation, or unique tags when performing sensitive operations. Allows context-sensitive attackers to initiate cross-site request forgery attacks by enticing users to use specially crafted links
| VAR-201407-0108 | CVE-2014-1365 | Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. Apple iOS , Apple Safari and Apple TV Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5
Safari 6.1.5 and Safari 7.0.5 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1325 : Apple
CVE-2014-1340 : Apple
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Dragging a URL from a maliciously crafted website to another
window could lead to the disclosure of local file content
Description: Dragging a URL from a maliciously crafted website to
another window could have allowed the malicious site to access a
file:// URL. This issue was addressed through improved validation of
dragged resources.
CVE-ID
CVE-2014-1369 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A maliciously crafted website may be able to spoof its
domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5
and Safari 6.1.5 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.5 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTsaPHAAoJEBcWfLTuOo7taK8P/0tThtNLog6ssE+iBRlBRtlu
pdjDkqF5N5b71I00+DWhpxasEmsrmc7j5XXzbqaH/I3eWx9rRSHYTxon3gXHv8xY
K4N1eUb/taHUaSJDH9mfzTvmxZf8x1EGsBQDmDpotXVtwW5h3uYxYsjAoG6g/MZO
i74ggPKp3XnjSa/DPEJIXXZTTZrYDCBnDOE1By/vOVBshUy6/M8pWNd56gjYrYm9
VqJjeR9ZRc7RTkmbpJGOphjJ9/N/5oLinDV9cpObPktFhrG/RO90gGLorvtqG4NJ
i9iOw2XHnX59TvmELjWHDJKD4NbGDSSl9eOW1iHQfLb5rt6yr7eNPfQDJMqYQKYh
oViKYvhyRlOM5W56Xs6d39IJuHy43UkjPHU6frh5hrR+08WaVYfwNEhGf7iUzkPG
Ln6quTg8hvQivHsmBnQ1fgYwcCc09QkAI9BtiLJqW+9Nk4KxKDB6ZBUFvp1z/ELZ
SHRyb52FAo0yukNDjYqdp9l7QjhCzYpHdwZZGpgVmnroQPdBa+sJqBGiNRQd6Qun
1K5Rn3CaPAIft21L5aCju0uIouo8g56SBo9+bXCdDPpMmV3CSCRtU/aWfHWOE9D7
/MN0FCa6EQXKz15zBRMCmHY6QWAexM//gdrnLBx8ndLS1y59+hL/fz7PJ1pGtJa9
9Q6eqCFTMNIRoGCOsp8M
=Hhsf
-----END PGP SIGNATURE-----