CVE-2014-1796
Published 2014-06-11
Priority: P259 · critical · CVSS 2.0: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 20.69% (97.2th percentile)
Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
No detection rules found.
Unit42
[CRITICAL] Palo Alto Networks Identifies 21 New Critical Vulnerabilities in Internet Explorer
blogs_unit42 · 2014-06-10 · CVSS 9.3
Today, Microsoft patched 59 Internet Explorer vulnerabilities, 21 of them discovered by Palo Alto Networks researchers. Palo Alto Networks is committed not only to detecting attacks, but preventing them as well.
Our internal research team discovered each of these 21 vulnerabilities and reported them to Microsoft so they could begin building and testing patches. Microsoft has already credited our team with 14 previous IE vulnerabilities in 2014, bringing our total for the year up to 35. We want to acknowledge Palo Alto Networks researchers Bo Qu, Hui Gao, Royce Lu, Xin Ouyang and the entire IPS team for all of the hard work they’ve put into discovering and validating these vulnerabilities.
### Here’s what you need to know
- All 21 vulnerabilities are rated Critical because they allow for
Author: Ryan Olson
Published: June 10, 2014
Tags: Threat Research, Vulnerabilities, Internet Explorer, Microsoft, Microsoft Security Bulletin, Patch Tuesday
Bugzilla
CVE-2014-3674 [HIGH] OpenShift Enterprise: gears fail to properly isolate network traffic
bugzilla · 2014-09-30 · CVSS 7.5
It was reported that OpenShift Enterprise fails to properly restrict access to
network resources between different gears. This could allow an attacker to
access an unprotected network resource running in another user's gear.
Discussion:
Verified and passed on OSE-2.2
oo-gear-firewall was kicked off to fix the security issue.
For new installations, new security rules have been enabled.
For existing instances, oo-gear-firewall should be run to fix the security issue
---
This issue has been addressed in the following products:
RHEL 6 Version of OpenShift Enterprise 2.2
Via RHSA-2014:1796 https://rhn.redhat.com/errata/RHSA-2014-1796.html
---
IssueDescription:
It was found that OpenShift Enterprise 2.1 did not pr
Bugzilla
CVE-2014-3602 [LOW] OpenShift: /proc/net/tcp information disclosure
bugzilla · 2014-08-19 · CVSS 2.1
OpenShift fails to restrict access to /proc/net/tcp which allows local users
to view all listening connections and connected sockets. This can result in
remote systems' IP/port numbers in use being exposed, which may be useful for
further targeted attacks. Please note that for local listeners OpenShift
restricts connections to within the cartridge by default, so even with the
knowledge of the local port and IP the attacker will not be able to connect.
Discussion:
*** Bug 817596 has been marked as a duplicate of this bug. ***
---
*** Bug 1147598 has been marked as a duplicate of this bug. ***
---
This issue has been addressed in the following products:
RHEL 6 Version of OpenShift Enterprise 2.2
Via RHSA-2014:1796 https://r
http://www.securityfocus.com/bid/67889
http://www.securitytracker.com/id/1030370
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
Published: 2014-06-11