CVE-2014-4039 (enterprise_linux_server, linux_enterprise_server, ppc64-diag)

CVE-2014-4039 (enterprise_linux_server, linux_enterprise_server, ppc64-diag)

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.

Source: CVE-2014-4039 (enterprise_linux_server, linux_enterprise_server, ppc64-diag)

CVE-2014-3994 (djblets, reviewboard)

CVE-2014-3994 (djblets, reviewboard)

Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.

Source: CVE-2014-3994 (djblets, reviewboard)

CVE-2014-2176 (asr_9001, asr_9006, asr_9010, asr_9904, asr_9912, asr_9922, ios_xr)

CVE-2014-2176 (asr_9001, asr_9006, asr_9010, asr_9904, asr_9912, asr_9922, ios_xr)

Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928.

Source: CVE-2014-2176 (asr_9001, asr_9006, asr_9010, asr_9904, asr_9912, asr_9922, ios_xr)

CVE-2014-2776 (internet_explorer)

CVE-2014-2776 (internet_explorer)

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, and CVE-2014-2772.

Source: CVE-2014-2776 (internet_explorer)

CVE-2014-2775 (internet_explorer)

CVE-2014-2775 (internet_explorer)

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, and CVE-2014-2766.

Source: CVE-2014-2775 (internet_explorer)

CVE-2014-1795 (internet_explorer)

CVE-2014-1795 (internet_explorer)

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.

Source: CVE-2014-1795 (internet_explorer)