Monday, April 30, 2018

Weekly Update: a new vulnerability is published on the National Vulnerability Database (16 items)


New vulnerabilities from the NVD: CVE-2013-7245


The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.
Published at: April 24, 2018 at 11:29PM

April 25, 2018 at 02:15AM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2013-3947


Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call.
Published at: April 24, 2018 at 11:29PM

April 25, 2018 at 02:15AM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2014-5014


The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.
Published at: April 25, 2018 at 08:29PM

April 25, 2018 at 10:15PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2014-0882


Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
Published at: April 25, 2018 at 11:29PM

April 26, 2018 at 02:15AM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2014-0881


The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.
Published at: April 25, 2018 at 11:29PM

April 26, 2018 at 02:15AM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2014-0872


The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.
Published at: April 25, 2018 at 11:29PM

April 26, 2018 at 02:15AM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2015-1857


The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2014-2552


Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2014-1846


Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2014-1845


An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2014-0841


IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2013-7202


The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2013-7201


WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2013-6739


IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2013-5461


IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

New vulnerabilities from the NVD: CVE-2013-5391


IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128.
Published at: April 27, 2018 at 07:29PM

April 27, 2018 at 11:03PM
via National Vulnerability Database

