Monthly Archives: April 2015

NVD

CVE-2015-0693 (web_security_appliance)

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.

NVD

CVE-2015-0696 (telepresence_tc_software)

Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977.

NVD

CVE-2015-0697 (telepresence_tc_software)

Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.

NVD

CVE-2015-0698 (web_security_appliance)

Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.

US-CERT

Adobe Releases Security Updates for Flash Player, ColdFusion and Flex

Original release date: April 15, 2015

Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected cross-site scripting attack.

Users and administrators are encouraged to review Adobe Security Bulletins APSB15-06, APSB15-07, and APSB15-08 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.