-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2015-0003.2
Synopsis: VMware product updates address critical information
disclosure issue in JRE.
Issue date: 2015-04-02
Updated on: 2015-04-13
CVE number: CVE-2014-6593, for other CVEs see JRE reference
- ------------------------------------------------------------------------
1. Summary
VMware product updates address critical information disclosure
issue in JRE.
2. Relevant Releases
Horizon View 6.x or 5.x
Horizon Workspace Portal Server 2.1 or 2.0
Horizon DaaS Platform 6.1.4 or 5.4.5
vRealize Operations Manager 6.0
vCenter Operations Manager 5.8.x or 5.7.x
vRealize Application Services 6.2 or 6.1
vCloud Application Director 6.0
vRealize Automation 6.2 or 6.1
vCloud Automation Center 6.0.1
vSphere Replication prior to 5.8.0.2 or 5.6.0.3
vRealize Automation 6.2.x or 6.1.x
vRealize Code Stream 1.1 or 1.0
vRealize Hyperic 5.8.x, 5.7.x or 5.0.x
vSphere AppHA prior to 1.1.x
vCenter Chargeback Manager 2.7 or 2.6
vRealize Business Adv/Ent 8.1 or 8.0
vRealize Business Standard prior to 1.1.x or 1.0.x
NSX for Multi-Hypervisor prior to 4.2.4
vCloud Director prior to 5.5.3
vCloud Director Service Providers prior to 5.6.4.1
vRealize Configuration Manager 5.7.x or 5.6.x
vRealize Infrastructure 5.8 or 5.7
vRealize Log Insight 2.5, 2.0, 1.5 or 1.0
3. Problem Description
a. Oracle JRE Update
Oracle JRE is updated in VMware products to address a
critical security issue that existed in earlier releases of
Oracle JRE.
VMware products running JRE 1.7 Update 75 or newer and
JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593,
as documented in the Oracle Java SE Critical Patch Update
Advisory of January 2015.
This advisory also includes the other security issues that
are addressed in JRE 1.7 Update 75 and JRE 1.6 Update 91. The
References section provides a link to the JRE advisory.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-6593 to this issue. This
issue is also known as "SKIP" or "SKIP-TLS".
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product                         Product    Running  Replace with/
                                       Version    on       Apply Patch**
=====================================  =========  =======  =================
Horizon View                           6.x        any      6.1
Horizon View                           5.x        any      5.3.4
Horizon Workspace Portal Server        2.1, 2.0   any      2.1.1
Horizon DaaS Platform                  6.1        any      6.1.4
Horizon DaaS Platform                  6.0        any      patch pending
Horizon DaaS Platform                  5.4        any      5.4.5
vCloud Networking and Security         5.5        any      patch pending*
vCloud Connector                       2.7        any      patch pending*
vCloud Usage Meter                     3.3        any      patch pending*
vCenter Site Recovery Manager          5.5.x      any      patch pending***
vCenter Site Recovery Manager          5.1.x      any      patch pending***
vCenter Site Recovery Manager          5.0.x      any      patch pending***
vCenter Server                         6.0        any      patch pending
vCenter Server                         5.5        any      patch pending
vCenter Server                         5.1        any      patch pending
vCenter Server                         5.0        any      patch pending
vRealize Operations Manager            6.0        any      KB2112028
vCenter Operations Manager             5.8.x      any      KB2111172
vCenter Operations Manager             5.7.x      any      KB2111172
vCenter Support Assistant              5.5.1.x    any      patch pending
vRealize Application Services          6.2        any      KB2111981
vRealize Application Services          6.1        any      KB2111981
vCloud Application Director            6.0        any      KB2111981
vCloud Application Director            5.2        any      KB2111981
vRealize Automation                    6.2        any      KB2111658
vRealize Automation                    6.1        any      KB2111658
vCloud Automation Center               6.0.1      any      KB2111658
vRealize Code Stream                   1.1        any      KB2111658
vRealize Code Stream                   1.0        any      KB2111658
vPostgres                              9.3.x      any      patch pending
vPostgres                              9.2.x      any      patch pending
vPostgres                              9.1.x      any      patch pending
vSphere Replication                    5.8.1      any      patch pending
vSphere Replication                    5.8.0      any      5.8.0.2
vSphere Replication                    5.6.0      any      5.6.0.3
vSphere Replication                    5.1        any      patch pending
vSphere Storage Appliance              5.x        any      patch pending*
vRealize Hyperic                       5.8        any      KB2111337
vRealize Hyperic                       5.7        any      KB2111337
vRealize Hyperic                       5.0        any      KB2111337
vSphere AppHA                          1.1        any      KB2111336
vSphere Big Data Extensions            2.1        any      patch pending*
vSphere Big Data Extensions            2.0        any      patch pending*
vSphere Data Protection                6.0        any      patch pending*
vSphere Data Protection                5.8        any      patch pending*
vSphere Data Protection                5.5        any      patch pending*
vSphere Data Protection                5.1        any      patch pending*
vCenter Chargeback Manager             2.7        any      KB2112011*
vCenter Chargeback Manager             2.6        any      KB2113178*
vRealize Business Adv/Ent              8.1        any      KB2112258*
vRealize Business Adv/Ent              8.0        any      KB2112258*
vRealize Business Standard             6.0        any      KB2111802
vRealize Business Standard             1.1        any      KB2111802
vRealize Business Standard             1.0        any      KB2111802
NSX for vSphere                        6.1        any      patch pending*
NSX for Multi-Hypervisor               4.2        any      4.2.4*
vCloud Director                        5.5.x      any      5.5.3*
vCloud Director For Service Providers  5.6.4      any      5.6.4.1*
vCenter Application Discovery Manager  7.0        any      patch pending*
vRealize Configuration Manager         5.7.x      any      KB2111670
vRealize Configuration Manager         5.6        any      KB2111670
vRealize Infrastructure Navigator      5.8        any      5.8.4
vRealize Infrastructure Navigator      5.7        any      KB2111334*
vRealize Orchestrator                  6.0        any      patch pending*
vRealize Orchestrator                  5.2        any      patch pending*
vRealize Orchestrator                  5.1        any      patch pending*
vShield                                5.5        any      patch pending*
vRealize Log Insight                   2.5        any      KB2113235*
vRealize Log Insight                   2.0        any      KB2113235*
vRealize Log Insight                   1.5        any      KB2113235*
vRealize Log Insight                   1.0        any      KB2113235*
vSphere Management Assistant           5.x        any      patch pending
vSphere Update Manager                 6.0        any      patch pending*
vSphere Update Manager                 5.5        any      patch pending*
vSphere Update Manager                 5.1        any      patch pending*
vSphere Update Manager                 5.0        any      patch pending*
* The severity of critical is lowered to important for this product
as it is not considered Internet facing.
** Knowledge Base (KB) articles provide details of the patches and
how to install them.
*** vCenter Site Recovery Manager 5.0, 5.1, and 5.5 itself do not
include JRE but they include the vSphere Replication appliance
which has JRE. vCenter Site Recovery 5.8 and 6.0 do not include
JRE nor the vSphere Replication appliance.
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
Horizon View 6.1, 5.3.4:
========================
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-610-GA&productId=492
https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-534-PREMIER&productId=396
VMware Workspace Portal 2.1.1
=============================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=HZNWS211&productId=501&rPId=7586
Documentation:
https://www.vmware.com/support/horizon_workspace/doc/wp_release_notes_211.html
Horizon DaaS Platform 6.1.4
===========================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=HORIZON-DAAS-610-BIN&productId=405&rPId=6527
Horizon DaaS Platform 5.4.5
===========================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=HORIZON-DAAS-ONPREM-540&productId=398&rPId=5214
vRealize Operations Manager 6.0.1
=================================
Downloads and Documentation: http://kb.vmware.com/kb/2112028
vRealize Application Services 6.2, 6.1
======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111981
vCloud Application Director 6.0
======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111981
vCloud Director for Service Providers 5.6.4.1
=============================================
Downloads and Documentation:
https://www.vmware.com/support/pubs/vcd_sp_pubs.html
vCenter Operations Manager 6.0, 5.8.5, 5.7.4
=======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111172
vCloud Automation Center 6.0.1.2
================================
Downloads and Documentation: http://kb.vmware.com/kb/2111685
vSphere Replication 5.8.0.2, 5.6.0.3
====================================
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5802
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5603
Documentation:
http://kb.vmware.com/kb/2112025
http://kb.vmware.com/kb/2112022
vRealize Automation 6.2.1, 6.1.1
================================
Downloads and Documentation: http://kb.vmware.com/kb/2111658
vRealize Code Stream 1.1, 1.0
=============================
Downloads and Documentation: http://kb.vmware.com/kb/2111685
vRealize Hyperic 5.8.4, 5.7.2, 5.0.3
====================================
Downloads and Documentation: http://kb.vmware.com/kb/KB2111337
vSphere AppHA 1.1.1
===================
Downloads and Documentation: http://kb.vmware.com/kb/2111336
vCenter Chargeback Manager 2.7
====================================
Downloads and Documentation: http://kb.vmware.com/kb/2112011
vCenter Chargeback Manager 2.6
====================================
Downloads and Documentation: http://kb.vmware.com/kb/2113178
vRealize Business Adv/Ent 8.1, 8.0
====================================
Downloads and Documentation: http://kb.vmware.com/kb/2112258
vRealize Business Standard 6.0, 1.1, 1.0
=======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111802
vRealize Configuration Manager 5.7.3
===================================
Downloads and Documentation: http://kb.vmware.com/kb/2111670
vRealize Infrastructure Navigator 5.8.4
=======================================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=VIN_584&productId=476
vRealize Infrastructure Navigator 5.7
=====================================
Downloads and Documentation: http://kb.vmware.com/kb/2111334
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
JRE
Oracle Java SE Critical Patch Update Advisory of January 2015
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- ------------------------------------------------------------------------
6. Change log
2015-04-02 VMSA-2015-0003
Initial security advisory in conjunction with the release of VMware
Horizon View 6.1, 5.3.4; vCenter Operations Manager 5.8.5;
vCenter Operations Manager 5.7.4; vCloud Automation Center
6.0.1.2; vSphere Replication 5.8.0.2, 5.6.0.3; vRealize
Automation 6.2.1, 6.1.1; vRealize Code Stream 1.1, 1.0;
vRealize Hyperic 5.8.4, 5.7.2, 5.0.3; vSphere AppHA 1.1.1;
vRealize Business Standard 1.1.1, 1.0.1; vRealize Configuration
Manager prior to 5.7.3; vRealize Infrastructure 5.7, 5.8.4 Patches
released on 2015-04-02.
2015-04-09 VMSA-2015-0003.1
Updated Security advisory in conjunction with the release of VMware
Horizon DaaS Platform 6.1.4, 5.4.5; vRealize Operations Manager 6.0;
vRealize Application Services 6.2; vRealize Application Services 6.1;
vCloud Application Director 6.0; vCenter Chargeback Manager 2.7, 2.6;
vCloud Director For Service Providers 5.6.4.1;
vRealize Log Insight 2.5, 2.0, 1.5, 1.0 Patches
released on 2015-04-09.
2015-04-13 VMSA-2015-0003.2
Updated Security advisory in conjunction with the release of
vRealize Business Adv/Ent 8.1, 8.0 Patches released
on 2015-04-13.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8
wj8DBQFVLBMgDEcm8Vbi9kMRAvaaAKDrax6e77WldoyNU0b+OEym+b1tfgCfamxh
gjaTHulE0WVOGNNLpjHZ4jk=
=L8TV
-----END PGP SIGNATURE-----
No Ransom: The National High Tech Crime Unit of the Netherlands’ police and Kaspersky Lab help victims to escape from CoinVault ransomware
Adaptive Defense 1.5, the enterprise solution that seeks security against advanced and targeted attacks
Panda Security announces Adaptive Defense 1.5, the new version of the managed service that ensures security against Advanced Persistent Threats (APTs) and targeted attacks in enterprise environments. Adaptive Defense has a disruptive approach compared to traditional blacklist-based malware detection systems.
The major new features of Adaptive Defense 1.5 include the disinfection service, the ability to view the status of endpoints in real-time and the ability to manage the settings from a single Web console.

Protection against targeted and zero-day attacks
An APT (Advanced Persistent Threat) is new-generation malware that uses multiple infection vectors at the same time and over an extended period, remaining hidden on the computer, and whose main objectives are industrial espionage and data theft.
Traditional antivirus solutions are not capable of detecting these types of attacks, nor of disinfecting the computers infected by them. Adaptive Defense, however, proposes a new security model based on supervision, control and classification of the behavior and nature of every application run in order to provide robust and complete protection, only allowing legitimate applications (goodware) to run.
In addition, the ability to incorporate it into the customer’s existing infrastructure, coexisting with traditional antivirus solutions and with the SIEM solution used by the company, coupled with its disinfection capabilities, makes Adaptive Defense the complete and definitive enterprise tool against all types of malware, including targeted and zero-day attacks.
“With the blocking modes of Adaptive Defense 1.5, we can ensure complete and robust protection for all companies. These modes only allow applications classified as goodware to run, making it the ideal solution for companies that require a ‘Zero Risk’ security policy”, explains Josu Franco, VP Corporate Development at Panda Security.
Real-time audit service
Adaptive Defense 1.5 constantly scans the applications that try to run, and automatically classifies all applications using Machine Learning techniques in Big Data environments under the supervision of specialized PandaLabs technicians. If malware is identified, the user receives instant warnings with a comprehensive report detailing the locations, infected machines and the actions performed by the malware. The execution graphs allow the administrator to view the events triggered by the malware, providing clear and thorough information about the actions performed by malware, the recipients of the messages and the files created. Furthermore, the new version of Adaptive Defense identifies software with known vulnerabilities installed on the network.
SB15-103: Vulnerability Summary for the Week of April 6, 2015
Original release date: April 13, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| antlabs — inngate | The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | 2015-04-04 | 10.0 | CVE-2015-0932 CERT-VN CONFIRM MISC MISC |
| apache — subversion | The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. | 2015-04-08 | 7.8 | CVE-2015-0202 MANDRIVA CONFIRM |
| apache — cassandra | The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | 2015-04-03 | 7.5 | CVE-2015-0225 BUGTRAQ MLIST MISC |
| apple — apple_tv | IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. | 2015-04-10 | 7.2 | CVE-2015-1095 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. | 2015-04-10 | 7.1 | CVE-2015-1102 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. | 2015-04-10 | 7.5 | CVE-2015-1103 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — mac_os_x | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | 2015-04-10 | 7.2 | CVE-2015-1130 CONFIRM APPLE |
| apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1131 CONFIRM APPLE |
| apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 10.0 | CVE-2015-1132 CONFIRM APPLE |
| apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1133 CONFIRM APPLE |
| apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1134 CONFIRM APPLE |
| apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. | 2015-04-10 | 7.2 | CVE-2015-1135 CONFIRM APPLE |
| apple — mac_os_x | The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. | 2015-04-10 | 7.2 | CVE-2015-1137 CONFIRM APPLE |
| apple — mac_os_x | Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. | 2015-04-10 | 7.2 | CVE-2015-1140 CONFIRM APPLE |
| apple — mac_os_x | LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a “type confusion” issue. | 2015-04-10 | 7.2 | CVE-2015-1143 CONFIRM APPLE |
| apple — mac_os_x | Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. | 2015-04-10 | 7.2 | CVE-2015-1144 CONFIRM APPLE |
| apple — xcode | Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. | 2015-04-10 | 7.5 | CVE-2015-1149 CONFIRM APPLE |
| arj_software — arj_archiver | Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. | 2015-04-08 | 7.5 | CVE-2015-2782 MLIST MLIST DEBIAN |
| c-board_moyuku_project — c-board_moyuku | Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a character in its name. | 2015-04-05 | 7.5 | CVE-2015-0877 CONFIRM JVNDB JVN |
| ca — spectrum | CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | 2015-04-07 | 9.0 | CVE-2015-2828 CONFIRM |
| cisco — unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062. | 2015-04-03 | 7.1 | CVE-2015-0612 SECTRACK CISCO |
| cisco — unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444. | 2015-04-03 | 7.1 | CVE-2015-0613 SECTRACK CISCO |
| cisco — unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. | 2015-04-03 | 7.1 | CVE-2015-0614 SECTRACK CISCO |
| cisco — unity_connection | The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089. | 2015-04-03 | 7.1 | CVE-2015-0615 SECTRACK CISCO |
| cisco — unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819. | 2015-04-03 | 7.1 | CVE-2015-0616 SECTRACK CISCO |
| cisco — prime_data_center_network_manager | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. | 2015-04-03 | 7.8 | CVE-2015-0666 SECTRACK CISCO |
| cisco — ios_xe | Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070. | 2015-04-03 | 7.1 | CVE-2015-0688 SECTRACK CISCO |
| gnu — glibc | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. | 2015-04-08 | 7.5 | CVE-2015-1472 MLIST CONFIRM MLIST |
| hidemaru — editor | Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. | 2015-04-03 | 7.5 | CVE-2015-0903 JVNDB JVN CONFIRM |
| ibm — rational_clearcase | The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 2015-04-05 | 9.4 | CVE-2014-6221 CONFIRM SECTRACK |
| ibm — domino | The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM. | 2015-04-05 | 10.0 | CVE-2015-0117 CONFIRM SECTRACK |
| ibm — tivoli_storage_manager_fastback | FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port. | 2015-04-05 | 7.5 | CVE-2015-0119 CONFIRM |
| ibm — domino | Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors. | 2015-04-05 | 10.0 | CVE-2015-0134 CONFIRM SECTRACK |
| ibm — domino | Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. | 2015-04-05 | 7.2 | CVE-2015-0179 CONFIRM SECTRACK |
| linux — linux_kernel | The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. | 2015-04-05 | 7.8 | CVE-2015-1465 CONFIRM CONFIRM UBUNTU UBUNTU MLIST CONFIRM CONFIRM |
| oxide_project — oxide | Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists. | 2015-04-08 | 7.5 | CVE-2015-1317 CONFIRM UBUNTU |
| redhat — openstack | The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. | 2015-04-10 | 10.0 | CVE-2015-1842 CONFIRM REDHAT REDHAT |
| simple_ads_manager_project — simple_ads_manager | Multiple SQL injection vulnerabilities in sam-ajax-admin.php in the Simple Ads Manager plugin 2.5.94 and 2.5.96 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action; the (2) cstr parameter in a load_posts action; the (3) searchTerm parameter in a load_combo_data action; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action. | 2015-04-06 | 7.5 | CVE-2015-2824 BUGTRAQ BUGTRAQ FULLDISC FULLDISC MISC |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — subversion | The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. | 2015-04-08 | 5.0 | CVE-2015-0248 MANDRIVA CONFIRM |
| apache — subversion | The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences. | 2015-04-08 | 4.0 | CVE-2015-0251 MANDRIVA CONFIRM |
| apache — flex | Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. | 2015-04-07 | 4.3 | CVE-2015-1773 BUGTRAQ |
| apple — iphone_os | CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 2015-04-10 | 6.8 | CVE-2015-1088 CONFIRM CONFIRM APPLE APPLE |
| apple — iphone_os | CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-04-10 | 5.0 | CVE-2015-1089 CONFIRM CONFIRM APPLE APPLE |
| apple — iphone_os | CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | 2015-04-10 | 5.0 | CVE-2015-1090 CONFIRM APPLE |
| apple — iphone_os | The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1091 CONFIRM CONFIRM APPLE APPLE |
| apple — apple_tv | NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-04-10 | 5.0 | CVE-2015-1092 CONFIRM CONFIRM APPLE APPLE |
| apple — iphone_os | FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 2015-04-10 | 6.8 | CVE-2015-1093 CONFIRM CONFIRM APPLE APPLE |
| apple — iphone_os | iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | 2015-04-10 | 6.8 | CVE-2015-1098 CONFIRM CONFIRM APPLE APPLE |
| apple — apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. | 2015-04-10 | 5.0 | CVE-2015-1104 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — apple_tv | The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. | 2015-04-10 | 5.0 | CVE-2015-1105 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — apple_tv | The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. | 2015-04-10 | 5.0 | CVE-2015-1110 CONFIRM CONFIRM APPLE APPLE |
| apple — iphone_os | Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | 2015-04-10 | 5.0 | CVE-2015-1111 CONFIRM APPLE |
| apple — safari | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. | 2015-04-10 | 5.0 | CVE-2015-1112 CONFIRM CONFIRM APPLE APPLE |
| apple — apple_tv | libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. | 2015-04-10 | 5.0 | CVE-2015-1118 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1119 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1120 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1121 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1122 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1123 CONFIRM CONFIRM APPLE APPLE |
| apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1124 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
| apple — iphone_os | The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1125 CONFIRM APPLE |
| apple — safari | WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. | 2015-04-10 | 4.3 | CVE-2015-1126 CONFIRM CONFIRM APPLE APPLE |
| apple — safari | The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. | 2015-04-10 | 5.0 | CVE-2015-1128 CONFIRM APPLE |
| apple — safari | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1129 CONFIRM APPLE |
| apple — mac_os_x | Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. | 2015-04-10 | 6.8 | CVE-2015-1136 CONFIRM APPLE |
| apple — mac_os_x | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | 2015-04-10 | 4.9 | CVE-2015-1138 CONFIRM APPLE |
| apple — mac_os_x | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. | 2015-04-10 | 6.8 | CVE-2015-1139 CONFIRM APPLE |
| apple — mac_os_x | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. | 2015-04-10 | 4.9 | CVE-2015-1141 CONFIRM APPLE |
| apple — mac_os_x | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. | 2015-04-10 | 5.0 | CVE-2015-1147 CONFIRM APPLE |
| apple — mac_os_x | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | 2015-04-10 | 5.0 | CVE-2015-1148 CONFIRM APPLE |
| arj_software — arj_archiver | Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. | 2015-04-08 | 5.8 | CVE-2015-0556 CONFIRM MLIST MLIST DEBIAN |
| arj_software — arj_archiver | Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. | 2015-04-08 | 5.8 | CVE-2015-0557 CONFIRM MLIST MLIST DEBIAN |
| bblog_project — bblog | Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users. | 2015-04-07 | 6.8 | CVE-2015-0905 MISC JVNDB JVN |
| cisco — unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a “deprecated page,” aka Bug ID CSCup90168. | 2015-04-03 | 6.5 | CVE-2015-0682 SECTRACK CISCO |
| cisco — unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | 2015-04-03 | 4.0 | CVE-2015-0683 SECTRACK CISCO |
| cisco — unified_communications_domain_manager | SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | 2015-04-03 | 6.5 | CVE-2015-0684 SECTRACK CISCO |
| cisco — wireless_lan_controller_software | Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. | 2015-04-06 | 4.3 | CVE-2015-0690 SECTRACK CISCO |
| emc — powerpath_virtual_appliance | EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. | 2015-04-04 | 5.0 | CVE-2015-0529 BUGTRAQ MISC |
| ericsson — drutt_mobile_service_delivery_platform | Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17) fromTime, (18) toTime, (19) sortDirection, (20) kword, (21) uname, (22) pname, (23) sname, (24) file, (25) atype, or (26) atitle parameter to (a) top-useragent-devices.jsp or (b) top-interest-areas.jsp; (27) fromDate, (28) toDate, (29) fromTime, (30) toTime, (31) sortDirection, (32) kword, (33) uname, (34) pname, (35) sname, (36) file, (37) atype, or (38) atitle parameter to top-message-services.jsp; (39) portal, (40) fromDate, (41) toDate, (42) fromTime, (43) toTime, (44) orderBy, (45) sortDirection, (46) kword, (47) uname, (48) pname, (49) sname, (50) file, (51) atype, or (52) atitle parameter to (a) user-statistics.jsp, (b) top-web-pages.jsp, (c) top-devices.jsp, (d) top-pages.jsp, (e) session-summary.jsp, (f) top-providers.jsp, (g) top-modules.jsp, or (h) top-services.jsp; (53) fromDate, (54) toDate, (55) fromTime, (56) toTime, (57) orderBy, (58) sortDirection, (59) uid, (60) uid2, (61) kword, (62) uname, (63) pname, (64) sname, (65) file, (66) atype, or (67) atitle parameter to message-shortcode-summary.jsp; (68) fromDate, (69) toDate, (70) fromTime, (71) toTime, (72) orderBy, (73) sortDirection, (74) uid, (75) kword, (76) uname, (77) pname, (78) sname, (79) file, (80) atype, or (81) atitle parameter to (a) message-providers-summary.jsp or (b) message-services-summary.jsp; (82) kword, (83) uname, (84) pname, (85) sname, (86) file, (87) atype, or (88) atitle parameter to license-summary.jsp; (89) portal, (90) fromDate, (91) toDate, (92) fromTime, (93) toTime, (94) orderBy, (95) sortDirection, (96) uid, (97) uid2, (98) kword, (99) uname, (100) pname, (101) sname, (102) file, (103) atype, or (104) atitle parameter to useragent-device-summary.jsp; (105) fromDate, (106) toDate, (107) fromTime, (108) toTime, (109) orderBy, (110) sortDirection, (111) kword, (112) uname, (113) pname, (114) sname, (115) file, (116) atype, or (117) atitle parameter to (a) top-message-providers.jsp, (b) top-message-devices.jsp, (c) top-message-assets.jsp, (d) top-message-downloads.jsp, or (e) top-message-shortcode.jsp; (118) fromDate, (119) toDate, (120) fromTime, (121) toTime, (122) kword, (123) uname, (124) pname, (125) sname, (126) file, (127) atype, or (128) atitle parameter to request-summary.jsp; (129) portal parameter to link-summary-select.jsp, (130) provider-summary-select.jsp, or (131) module-summary-select.jsp; (132) portal, (133) uid, (134) kword, (135) uname, (136) pname, (137) sname, (138) file, (139) atype, or (140) atitle parameter to link-summary.jsp; (141) portal, (142) fromDate, (143) toDate, (144) fromTime, (145) toTime, (146) orderBy, (147) sortDirection, (148) uid, (149) kword, (150) uname, (151) pname, (152) sname, (153) file, (154) atype, or (155) atitle parameter to (a) provider-summary.jsp or (b) module-summary.jsp in reports/pages/. | 2015-04-06 | 4.3 | CVE-2015-2165 MISC |
| ericsson — drutt_mobile_service_delivery_platform | Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. | 2015-04-06 | 5.0 | CVE-2015-2166 MISC |
| ericsson — drutt_mobile_service_delivery_platform | Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp. | 2015-04-06 | 5.8 | CVE-2015-2167 MISC |
| gnu — glibc | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. | 2015-04-08 | 6.4 | CVE-2015-1473 CONFIRM MLIST |
| ibm — websphere_datapower_xc10_appliance_firmware | The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors. | 2015-04-05 | 6.8 | CVE-2015-1893 CONFIRM SECTRACK AIXAPAR |
| mcafee — advanced_threat_defense | McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | 2015-04-08 | 5.5 | CVE-2015-3028 CONFIRM |
| mcafee — advanced_threat_defense | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2015-04-08 | 4.0 | CVE-2015-3029 CONFIRM |
| mcafee — advanced_threat_defense | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | 2015-04-08 | 4.0 | CVE-2015-3030 CONFIRM |
| mozilla — firefox | The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy. | 2015-04-08 | 5.0 | CVE-2015-0798 CONFIRM CONFIRM |
| mozilla — firefox | The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header. | 2015-04-08 | 4.3 | CVE-2015-0799 CONFIRM CONFIRM |
| ntp — ntp | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | 2015-04-08 | 4.3 | CVE-2015-1799 CERT-VN CONFIRM CONFIRM |
| pfsense — pfsense | Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter. | 2015-04-10 | 6.8 | CVE-2015-2295 CONFIRM MISC BUGTRAQ MISC |
| qualiteam — x-cart | Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter. | 2015-04-04 | 4.3 | CVE-2015-0950 CERT-VN CONFIRM |
| qualiteam — x-cart | X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | 2015-04-04 | 6.5 | CVE-2015-0951 CERT-VN CONFIRM |
| quassel-irc — quassel | Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. | 2015-04-10 | 5.0 | CVE-2015-2778 CONFIRM MLIST MLIST MLIST SUSE |
| redhat — docker | The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. | 2015-04-06 | 4.3 | CVE-2015-1843 CONFIRM REDHAT |
| saurus — saurus_cms | Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-06 | 4.3 | CVE-2015-0876 CONFIRM JVNDB JVN |
| schneider-electric — vampset | Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. | 2015-04-03 | 4.4 | CVE-2014-8390 MISC CONFIRM BUGTRAQ MISC |
| siemens — simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | 2015-04-05 | 6.8 | CVE-2015-1601 CONFIRM |
| siemens — wincc | Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. | 2015-04-08 | 4.3 | CVE-2015-2822 CONFIRM |
| siemens — wincc | Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. | 2015-04-08 | 6.8 | CVE-2015-2823 CONFIRM |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — iphone_os | AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. | 2015-04-10 | 1.9 | CVE-2015-1085 CONFIRM APPLE |
| apple — iphone_os | Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. | 2015-04-10 | 2.1 | CVE-2015-1087 CONFIRM APPLE |
| apple — iphone_os | The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. | 2015-04-10 | 2.1 | CVE-2015-1106 CONFIRM APPLE |
| apple — iphone_os | The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | 2015-04-10 | 1.9 | CVE-2015-1107 CONFIRM APPLE |
| apple — iphone_os | The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | 2015-04-10 | 2.1 | CVE-2015-1108 CONFIRM APPLE |
| apple — iphone_os | NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. | 2015-04-10 | 2.1 | CVE-2015-1109 CONFIRM APPLE |
| apple — iphone_os | The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. | 2015-04-10 | 2.1 | CVE-2015-1116 CONFIRM APPLE |
| apple — safari | The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. | 2015-04-10 | 2.1 | CVE-2015-1127 CONFIRM APPLE |
| apple — mac_os_x | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. | 2015-04-10 | 2.1 | CVE-2015-1142 CONFIRM APPLE |
| apple — mac_os_x | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. | 2015-04-10 | 1.9 | CVE-2015-1145 CONFIRM APPLE |
| apple — mac_os_x | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. | 2015-04-10 | 1.9 | CVE-2015-1146 CONFIRM APPLE |
| ca — spectrum | Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-07 | 3.5 | CVE-2015-2827 CONFIRM |
| freebsd — freebsd | The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. | 2015-04-10 | 2.1 | CVE-2015-1415 FREEBSD SECTRACK BUGTRAQ MISC |
| hp — intelligent_provisioning | Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. | 2015-04-03 | 2.1 | CVE-2015-2111 HP |
| ibm — general_parallel_file_system | /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | 2015-04-05 | 3.5 | CVE-2015-1890 CONFIRM |
| ntp — ntp | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. | 2015-04-08 | 1.8 | CVE-2015-1798 CERT-VN CONFIRM CONFIRM |
| siemens — simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files. | 2015-04-05 | 2.1 | CVE-2015-1602 CONFIRM |
| xen — xen | drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. | 2015-04-05 | 2.1 | CVE-2015-0777 CONFIRM SUSE |
Avast Mobile Security: What’s not to love?
Mobile is attractive to cybercrooks
Our mobile phones are fantastic little devices. These days, they’re as powerful as a regular computer and can accomplish nearly all the same things. While this is convenient for us, it also gives cybercrooks a relatively easy inroad to your private data and financial information. As 2015 rolls along, consumers continue to become more aware of mobile security options available to them, since they will increasingly use mobile apps that contain sensitive banking, financial, and personal health information.
Last year, more than 1 billion Android devices were shipped out to customers around the world. With Android winning the majority of the smartphone market, it offers a tempting target to malware authors. The average user is not especially concerned about being infected with a virus on their phone or tablet, but unfortunately, mobile malware is more than just a myth. Avast currently has more than one million samples of mobile malware in its database, with 2,850 new mobile threats being created every day by hackers.
Even if you think your chances of being infected with malware are low, we suggest that you go ahead and install good mobile antivirus software. The great thing about Avast Mobile Security is that it’s free, so your investment is minimal – just a few minutes of setup and you’re ready to go.
Avast Mobile Security includes antivirus protection which scans your apps to see what they are doing, and a Web shield that scans URLs for malware or phishing. Malicious apps allow malware to enter your phone, so it’s good to have Avast on your side to detect when a bad one slips by on Google Play or another app store.

When taking a look at Avast Mobile Security’s features and capabilities, it’s easy to see why it’s a top-rated mobile security app.
AV-TEST All-Stars
Avast Mobile Security did not make any mistakes when tested with 1,932 legitimate apps from the Google Play Store and 981 legitimate apps from third-party app stores. In addition, all this protection, according to AV-TEST, did not “impact the battery life” or “slow down the device during normal usage”, and “does not generate too much traffic”.
To compare the choices of mobile antivirus software, you can look at the January 2015 “Mobile Security Test” conducted by the independent labs at AV-TEST. They looked at 31 popular Android security apps. Avast Mobile Security tops the list because it detected 100% of malicious apps without any impact on the battery life or slowing down of the device.
AMS Referral Program
In the latest update of Avast Mobile Security, we added a referral program, so you can recommend Avast Mobile Security to your friends and family. Not only can you recommend the best mobile security app available on Google Play, but you will be rewarded for doing so; you can earn up to three months of Avast Mobile Premium for free!
Here is how it works: For every five friends you send an SMS to recommending Avast, you get one free month of Avast Mobile Premium. Cool, huh?
There you have it — we’re huge fans of Avast Mobile Security, and we think you will be too. Download Avast Mobile Security for free on Google Play.
CVE-2014-9714
Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function.
CVE-2015-0840
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
CVE-2015-2775
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
CVE-2015-2846
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link.
CVE-2015-2931
Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.