CVE-2014-2651 (openscape_desk_phone_ip_35g_eco_firmware, openscape_desk_phone_ip_35g_firmware, openscape_desk_phone_ip_55g_firmware, openstage_15_firmware, openstage_15_g_firmware, openstage_20_e_firmware, openstage_20_firmware, openstage_20_g_firmware, openstage_40_firmware, openstage_40_g_firmware, openstage_60_firmware, openstage_60_g_firmware, openstage_80_firmware, openstage_80_g_firmware)

Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface.

CVE-2014-2271 (p2-6011_firmware, wps_office)

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.

CVE-2012-3490 (condor)

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 do not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.