VARIoT IoT vulnerabilities database
| VAR-201404-0199 | CVE-2014-0508 | Adobe Flash Player and Adobe AIR Vulnerable to access restrictions |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass
the Same Origin Policy or read the clipboard via unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356"
References
==========
[ 1 ] CVE-2014-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498
[ 2 ] CVE-2014-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499
[ 3 ] CVE-2014-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502
[ 4 ] CVE-2014-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503
[ 5 ] CVE-2014-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504
[ 6 ] CVE-2014-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506
[ 7 ] CVE-2014-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507
[ 8 ] CVE-2014-0508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508
[ 9 ] CVE-2014-0509
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509
[ 10 ] CVE-2014-0515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0380-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0380.html
Issue date: 2014-04-09
CVE Names: CVE-2014-0506 CVE-2014-0507 CVE-2014-0508
CVE-2014-0509
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09,
listed in the References section.
Two flaws were found in the way flash-plugin displayed certain SWF content.
An attacker could use these flaws to create a specially crafted SWF file
that would cause flash-plugin to crash or, potentially, execute arbitrary
code when the victim loaded a page containing the malicious SWF content.
(CVE-2014-0506, CVE-2014-0507)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially crafted web
page. (CVE-2014-0508)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a specially
crafted web page.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1085581 - CVE-2014-0506 CVE-2014-0507 flash-plugin: two flaws leading to code execution (APSB14-09)
1085585 - CVE-2014-0508 flash-plugin: information disclosure flaw (APSB14-09)
1085586 - CVE-2014-0509 flash-plugin: cross-site scripting flaw (APSB14-09)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.350-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.350-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.350-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.350-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.350-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.350-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.350-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.350-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.350-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.350-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0506.html
https://www.redhat.com/security/data/cve/CVE-2014-0507.html
https://www.redhat.com/security/data/cve/CVE-2014-0508.html
https://www.redhat.com/security/data/cve/CVE-2014-0509.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-09.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTRQk9XlSAg2UNWIIRAksjAKCbnm4UGitMzrcZoEuifY3AS5L9hQCdH2Ou
CgUxC7S1jhlSSEYdIzvdiL8=
=tqNu
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201404-0198 | CVE-2014-0507 | Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts likely result in denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass
the Same Origin Policy or read the clipboard via unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356"
References
==========
[ 1 ] CVE-2014-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498
[ 2 ] CVE-2014-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499
[ 3 ] CVE-2014-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502
[ 4 ] CVE-2014-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503
[ 5 ] CVE-2014-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504
[ 6 ] CVE-2014-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506
[ 7 ] CVE-2014-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507
[ 8 ] CVE-2014-0508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508
[ 9 ] CVE-2014-0509
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509
[ 10 ] CVE-2014-0515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0380-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0380.html
Issue date: 2014-04-09
CVE Names: CVE-2014-0506 CVE-2014-0507 CVE-2014-0508
CVE-2014-0509
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09,
listed in the References section.
Two flaws were found in the way flash-plugin displayed certain SWF content.
An attacker could use these flaws to create a specially crafted SWF file
that would cause flash-plugin to crash or, potentially, execute arbitrary
code when the victim loaded a page containing the malicious SWF content.
(CVE-2014-0506, CVE-2014-0507)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially crafted web
page. (CVE-2014-0508)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a specially
crafted web page.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1085581 - CVE-2014-0506 CVE-2014-0507 flash-plugin: two flaws leading to code execution (APSB14-09)
1085585 - CVE-2014-0508 flash-plugin: information disclosure flaw (APSB14-09)
1085586 - CVE-2014-0509 flash-plugin: cross-site scripting flaw (APSB14-09)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.350-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.350-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.350-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.350-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.350-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.350-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.350-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.350-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.350-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.350-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0506.html
https://www.redhat.com/security/data/cve/CVE-2014-0507.html
https://www.redhat.com/security/data/cve/CVE-2014-0508.html
https://www.redhat.com/security/data/cve/CVE-2014-0509.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-09.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTRQk9XlSAg2UNWIIRAksjAKCbnm4UGitMzrcZoEuifY3AS5L9hQCdH2Ou
CgUxC7S1jhlSSEYdIzvdiL8=
=tqNu
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201404-0195 | CVE-2014-0509 | Adobe Flash Player and Adobe AIR Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
An attacker may leverage this issue to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass
the Same Origin Policy or read the clipboard via unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356"
References
==========
[ 1 ] CVE-2014-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498
[ 2 ] CVE-2014-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499
[ 3 ] CVE-2014-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502
[ 4 ] CVE-2014-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503
[ 5 ] CVE-2014-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504
[ 6 ] CVE-2014-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506
[ 7 ] CVE-2014-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507
[ 8 ] CVE-2014-0508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508
[ 9 ] CVE-2014-0509
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509
[ 10 ] CVE-2014-0515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0380-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0380.html
Issue date: 2014-04-09
CVE Names: CVE-2014-0506 CVE-2014-0507 CVE-2014-0508
CVE-2014-0509
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09,
listed in the References section.
Two flaws were found in the way flash-plugin displayed certain SWF content.
An attacker could use these flaws to create a specially crafted SWF file
that would cause flash-plugin to crash or, potentially, execute arbitrary
code when the victim loaded a page containing the malicious SWF content.
(CVE-2014-0506, CVE-2014-0507)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially crafted web
page. (CVE-2014-0508)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a specially
crafted web page. (CVE-2014-0509)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.350.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1085581 - CVE-2014-0506 CVE-2014-0507 flash-plugin: two flaws leading to code execution (APSB14-09)
1085585 - CVE-2014-0508 flash-plugin: information disclosure flaw (APSB14-09)
1085586 - CVE-2014-0509 flash-plugin: cross-site scripting flaw (APSB14-09)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.350-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.350-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.350-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.350-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.350-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.350-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.350-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.350-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.350-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.350-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0506.html
https://www.redhat.com/security/data/cve/CVE-2014-0507.html
https://www.redhat.com/security/data/cve/CVE-2014-0508.html
https://www.redhat.com/security/data/cve/CVE-2014-0509.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-09.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTRQk9XlSAg2UNWIIRAksjAKCbnm4UGitMzrcZoEuifY3AS5L9hQCdH2Ou
CgUxC7S1jhlSSEYdIzvdiL8=
=tqNu
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201404-0465 | CVE-2014-0347 | Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component. Websense Provided by TRITON Unified Security Center Contains an information disclosure vulnerability. CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.htmlA user who has some account of the product may obtain the authentication information of other users. are all products of American Websense. A remote attacker can exploit this vulnerability to read plaintext passwords by replacing type='password'
| VAR-201404-0576 | CVE-2014-2139 | Cisco ONS 15454 Service operation interruption in controller card software (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315. Cisco ONS 15454 Controller card software does not interfere with service operation ( Stop flash programming ) There are vulnerabilities that are put into a state. Cisco ONS 15454 System Software is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to prevent system write access to the flash memory.
This issue is being tracked by Cisco bug ID CSCug97315. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards
| VAR-201404-0577 | CVE-2014-2140 | Cisco ONS 15454 Service operation interruption in controller card software (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348. Cisco ONS 15454 Controller card software does not interfere with service operation ( Reset card ) There are vulnerabilities that are put into a state. Cisco ONS 15454 System Software is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the control card to reset, denying service to legitimate users.
This issue is being tracked by Cisco bug ID CSCug97348. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards
| VAR-201404-0579 | CVE-2014-2142 | Cisco ONS 15454 Service operation interruption in controller card software (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870. Cisco ONS 15454 System Software is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the control card to reset, denying service to legitimate users.
This issue is being tracked by Cisco bug ID CSCun06870. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards
| VAR-201404-0578 | CVE-2014-2141 | Cisco ONS 15454 Service disruption in controller card session termination function (DoS) Vulnerabilities |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416. Cisco ONS 15454 The controller card's session termination function does not initialize unspecified pointers. ( Card reset ) There are vulnerabilities that are put into a state. Cisco ONS 15454 System Software is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the control card to reset, denying service to legitimate users.
This issue is being tracked by Cisco bug ID CSCug97416. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards. The vulnerability is caused by the fact that the program does not have an initialization pointer
| VAR-201404-0740 | No CVE | Comtrend CT-5361T ADSL Router 'password.cgi' Password Disclosure Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Comtrend CT-5361T ADSL Router is an ADSL router product of Comtrend.
A password leak vulnerability exists in the Comtrend CT-5361T ADSL Router, which is due to a design error. An attacker could use this vulnerability to obtain sensitive information. The Comtrend CT-5361T using A111-312SSG-T02_R01 firmware has vulnerabilities, and other versions may also be affected. Successfully exploiting this issue may lead to other attacks
| VAR-201404-0716 | No CVE | Halon Security Router Multiple Security Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Halon Security Router is a router product from Halon Security, USA.
There are multiple security vulnerabilities in Halon Security Router 3.2-winter-r1 and earlier versions: 1. Cross-site scripting vulnerability 2. Cross-site request forgery vulnerability 3. Open redirection vulnerability. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could lead to attackers stealing cookie-based authentication, performing unauthorized operations, or redirecting users to malicious websites. Other attacks are also possible
| VAR-201404-0334 | CVE-2014-2384 | Windows Run on VMware Workstation and VMware Player of vmx86.sys Service disruption in (DoS) Vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable.". VMware Player is a free software that allows PC users to easily run virtual machines on Windows or Linux PCs. VMWare Workstation is a popular virtual machine application. Allows a local attacker to cause a blue screen, causing the system to crash.
Local attackers with access to a guest operating system can exploit this issue to crash the host operating system, effectively denying service to legitimate users.
The Blue Screen is triggered because the vulnerable function doesn\x92t
check if a pointer to a memory page is valid or not, thus causing a
memory access violation by trying to read from an unallocated memory page.
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.
Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information
| VAR-201404-0447 | CVE-2014-2925 | ASUS RT-AC68U And other RT Series router firmware Advanced_Wireless_Content.asp Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi. ASUS RT-AC68U is a router device. A remote attacker can exploit a vulnerability to build a malicious URI, entice a user to resolve, obtain sensitive cookies, hijack a session, or perform malicious operations on the client.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The vulnerability stems from the fact that the apply.cgi script does not filter the 'current_page' parameter correctly
| VAR-201404-0581 | CVE-2014-2144 | Cisco IOS XR Software ICMPv6 Processing Denial of Service Vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A denial of service vulnerability exists in Cisco IOS XR.
Attackers can exploit this issue to cause all or most of the IPv4 and IPv6 traffic to fail while being processed on an affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCum14266. The vulnerability is caused by the program not properly managing ICMPv6 redirected packets
| VAR-201404-0582 | CVE-2014-2145 | Cisco Unity Connection Messaging API Vulnerable to directory traversal |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071. Cisco Unity Connection is prone to a directory-traversal vulnerability.
Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks.
This issue is being tracked by Cisco Bug ID CSCun91071. The platform can use voice commands to make calls or listen to messages "hands-free"
| VAR-201404-0476 | CVE-2014-0331 | Fortinet FortiADC D-series contains a cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/. (CWE-79). Fortinet Provided by FortiADC Contains a cross-site scripting vulnerability. Fortinet Provided by FortiADC Is /FortiADC/gui_partA/?locale=en of locale There is a problem with parameter processing and cross-site scripting (CWE-79) Vulnerabilities exist.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
FortiADC versions 3.2.0 and prior are vulnerable. FortiADC is an application delivery controller from Fortinet, which optimizes network availability, user experience, mobile performance and cloud-based enterprise application control, and enhances server efficiency and reduces data center network complexity. and cost. The vulnerability is due to the fact that the gui_partA/ URI does not adequately filter the 'locale' parameter
| VAR-201404-0565 | CVE-2014-2114 | Cisco Emergency Responder Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. It ensures that Cisco Callmanager can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP).
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCun24384. The software provides features such as real-time location tracking database and caller's location
| VAR-201404-0566 | CVE-2014-2115 | Cisco Emergency Responder Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. This vulnerability Bug ID CSCun24250 It is released as.A third party may be able to hijack the authentication of any user. It ensures that Cisco Callmanager can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP).
Exploiting the issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
This issue is being tracked by Cisco Bug ID CSCun24250. The software provides features such as real-time location tracking database and caller's location
| VAR-201404-0567 | CVE-2014-2116 | Cisco Emergency Responder In Web Page insertion vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. The Cisco Emergency Responder (ER) enhances the emergency call capabilities of Cisco CallManager. It ensures that Cisco Callmanager can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP).
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
These issues are being tracked by Cisco Bug ID CSCun37882. The software provides features such as real-time location tracking database and caller's location
| VAR-201404-0568 | CVE-2014-2117 | Cisco Emergency Responder Open redirect vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909. Cisco Emergency Responder (ER) Contains an open redirect vulnerability. It ensures that Cisco Callmanager can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP).
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
This issue is being tracked by Cisco Bug ID CSCun37909. The software provides features such as real-time location tracking database and caller's location
| VAR-201404-0580 | CVE-2014-2143 | Cisco IOS and IOS XE of IKE Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The fake IKE Main Mode packet was not processed correctly due to the program. This allows unauthenticated remote attackers to remove security associations that have already been established on the affected device.
This issue is being tracked by Cisco Bug ID CSCun31021