CVE-2014-2532

Affected configuration(s):

cpe:/a:openbsd:openssh:6.0
cpe:/a:openbsd:openssh:6.1
cpe:/a:openbsd:openssh:6.2
cpe:/a:openbsd:openssh:6.3
cpe:/a:openbsd:openssh:6.4
cpe:/a:openbsd:openssh:6.5
cpe:/a:oracle:communications_user_data_repository:10.0.1

Date published: 2014-03-18T01:18:19.000-04:00

Date last modified: 2017-08-28T21:34:31.810-04:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://advisories.mageia.org/MGASA-2014-0143.html

Summary: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

CVE-2014-3576

Affected configuration(s):

cpe:/a:apache:activemq:5.10.0
cpe:/a:oracle:business_intelligence_publisher:12.2.1.0.0
cpe:/a:oracle:fusion_middleware:8.1
cpe:/a:oracle:fusion_middleware:9.0
cpe:/a:oracle:fusion_middleware:11.1.1.7.4
cpe:/a:oracle:fusion_middleware:12.1.3.0.0

Date published: 2015-08-14T14:59:00.097-04:00

Date last modified: 2016-12-06T22:00:36.200-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html

Summary: The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

CVE-2014-9765

Affected configuration(s):

cpe:/a:xdelta:xdelta3:3.0.8
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:15.10
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2

Date published: 2016-04-19T17:59:01.100-04:00

Date last modified: 2017-06-30T21:29:11.577-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://lists.opensuse.org/opensuse-updates/2016-02/msg00125.html

Summary: Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.

CVE-2014-9655

Affected configuration(s):

cpe:/a:remotesensing:libtiff:4.0.6
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0

Date published: 2016-04-13T13:59:00.113-04:00

Date last modified: 2017-11-03T21:29:01.677-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://openwall.com/lists/oss-security/2015/02/07/5

Summary: The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

CVE-2014-6276

Affected configuration(s):

cpe:/a:roundup-tracker:roundup:1.5.0
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0

Date published: 2016-04-13T10:59:00.140-04:00

Date last modified: 2016-04-20T13:24:22.203-04:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9

Summary: schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

CVE-2014-9766

Affected configuration(s):

cpe:/a:pixman:pixman:0.32.5
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~

Date published: 2016-04-13T10:59:01.267-04:00

Date last modified: 2016-12-02T22:02:14.157-05:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.debian.org/security/2016/dsa-3525

Summary: Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.

CVE-2014-9759

Affected configuration(s):

cpe:/a:mantisbt:mantisbt:1.3.0:rc1

Date published: 2016-04-11T17:59:00.163-04:00

Date last modified: 2016-12-02T22:02:12.987-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://sourceforge.net/p/mantisbt/mailman/message/32948048/

Summary: Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.

CVE-2014-5361

Affected configuration(s):

cpe:/a:landesk:landesk_management_suite:9.6

Date published: 2015-04-21T11:59:00.090-04:00

Date last modified: 2016-04-07T09:37:59.197-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx.