The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.
Monthly Archives: August 2015
CVE-2015-5366 (linux_kernel)
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.
CVE-2015-5697 (linux_kernel)
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
CVE-2015-5706 (linux_kernel)
Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation.
CVE-2015-5717 (compas)
The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
6 Teenagers Arrested For Using Lizard Stresser
If you think using the Lizard Stresser service is a good (or cool) idea, think again!
The post 6 Teenagers Arrested For Using Lizard Stresser appeared first on Avira Blog.
SB15-243: Vulnerability Summary for the Week of August 24, 2015
Original release date: August 31, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
actiontec — _ncs01_firmware | Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface. | 2015-08-23 | 8.3 | CVE-2015-2904 CERT-VN |
adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. | 2015-08-24 | 10.0 | CVE-2015-5566 CONFIRM |
apache — tapestry | Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data. | 2015-08-22 | 7.8 | CVE-2014-1972 CONFIRM CONFIRM JVNDB JVN |
apache — activemq | The LDAPLoginModule implementation the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames. | 2015-08-24 | 7.5 | CVE-2014-3612 BID MLIST REDHAT REDHAT CONFIRM |
drupal — drupal | SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | 2015-08-24 | 7.5 | CVE-2015-6659 CONFIRM |
f5 — big-ip_access_policy_manager | Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets. | 2015-08-24 | 7.8 | CVE-2015-5058 CONFIRM SECTRACK |
hp — operations_manager_i | Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors. | 2015-08-22 | 10.0 | CVE-2015-2137 HP |
hp — hspa+_gobi_4g | The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors. | 2015-08-27 | 7.8 | CVE-2015-5368 HP |
hp — systems_insight_manager | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors. | 2015-08-26 | 7.2 | CVE-2015-5402 HP HP |
hp — systems_insight_manager | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | 2015-08-26 | 7.5 | CVE-2015-5404 HP HP |
hp — centralview_credit_risk_control | HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408. | 2015-08-22 | 9.0 | CVE-2015-5406 HP |
hp — version_control_repository_manager | Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | 2015-08-26 | 7.5 | CVE-2015-5409 HP |
hp — keyview | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. | 2015-08-24 | 7.5 | CVE-2015-5416 HP |
hp — keyview | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876. | 2015-08-24 | 7.5 | CVE-2015-5417 HP |
hp — keyview | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877. | 2015-08-24 | 7.5 | CVE-2015-5418 HP |
hp — keyview | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. | 2015-08-24 | 7.5 | CVE-2015-5419 HP |
hp — keyview | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. | 2015-08-24 | 7.5 | CVE-2015-5420 HP |
hp — keyview | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881. | 2015-08-24 | 7.5 | CVE-2015-5421 HP |
hp — keyview | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883. | 2015-08-24 | 7.5 | CVE-2015-5422 HP |
hp — keyview | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884. | 2015-08-24 | 7.5 | CVE-2015-5423 HP |
hp — keyview | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. | 2015-08-24 | 7.5 | CVE-2015-5424 HP |
hp — matrix_operating_environment | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429. | 2015-08-26 | 7.5 | CVE-2015-5427 HP |
hp — matrix_operating_environment | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429. | 2015-08-26 | 7.5 | CVE-2015-5428 HP |
hp — matrix_operating_environment | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428. | 2015-08-26 | 7.5 | CVE-2015-5429 HP |
hp — virtual_connect_enterprise_manager_sdk | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | 2015-08-26 | 7.5 | CVE-2015-5432 HP HP |
ibm — systems_director | IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors. | 2015-08-23 | 7.2 | CVE-2015-1992 CONFIRM AIXAPAR CONFIRM |
libevent_project — libevent | Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via “insanely large inputs” to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later. | 2015-08-24 | 7.5 | CVE-2014-6272 DEBIAN MLIST |
libevent_project — libevent | Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via “insanely large inputs” to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. | 2015-08-24 | 7.5 | CVE-2015-6525 DEBIAN MLIST |
mobile_devices — c4_obd-ii_dongle_firmware | ** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers’ installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. NOTE: the vendor states “This was a flaw for the developer/debugging devices (again not possible in production versions).” | 2015-08-23 | 9.0 | CVE-2015-2906 CONFIRM CERT-VN MISC |
mobile_devices — c4_obd-ii_dongle_firmware | ** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password. NOTE: the vendor states “This was a flaw for the developer/debugging devices (again not possible in production versions).” | 2015-08-23 | 9.0 | CVE-2015-2907 CONFIRM CERT-VN MISC |
mobile_devices — c4_obd-ii_dongle_firmware | ** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server. NOTE: the vendor states “This was a flaw for the developer/debugging devices, and was fixed in production version about 3 years ago.” | 2015-08-23 | 9.0 | CVE-2015-2908 CONFIRM CERT-VN MISC |
openbsd — openssh | sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. | 2015-08-23 | 7.2 | CVE-2015-6565 MLIST CONFIRM |
polarssl — polarssl | Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. | 2015-08-24 | 7.8 | CVE-2014-8628 CONFIRM CONFIRM SUSE |
polarssl — polarssl | Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions. | 2015-08-24 | 7.8 | CVE-2014-9744 CONFIRM SUSE |
redhat — openshift | Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors. | 2015-08-24 | 8.5 | CVE-2015-5222 REDHAT |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
actiontec — _ncs01_firmware | Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users. | 2015-08-23 | 6.8 | CVE-2015-2905 CERT-VN |
adobe — livecycle_data_services | Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-08-24 | 5.0 | CVE-2015-3269 CONFIRM BUGTRAQ |
apache — activemq | The LDAPLoginModule implementation the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. | 2015-08-24 | 5.0 | CVE-2015-6524 CONFIRM |
apple — quicktime | Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786. | 2015-08-24 | 6.8 | CVE-2015-5785 APPLE CONFIRM |
apple — quicktime | Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785. | 2015-08-24 | 6.8 | CVE-2015-5786 APPLE CONFIRM |
chaos_tool_suite_project — ctools | Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the “a” tag. | 2015-08-24 | 4.3 | CVE-2015-6665 CONFIRM MISC CONFIRM |
cisco — asr_5000_series_software | Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. | 2015-08-22 | 5.0 | CVE-2015-6256 CISCO |
cisco — wireless_lan_controller_software | The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. | 2015-08-22 | 5.0 | CVE-2015-6258 CISCO |
cisco — telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. | 2015-08-26 | 4.0 | CVE-2015-6261 CISCO |
cisco — prime_infrastructure | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. | 2015-08-24 | 6.8 | CVE-2015-6262 CISCO |
cisco — application_control_engine_4700 | The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command’s input, aka Bug ID CSCur23662. | 2015-08-26 | 4.3 | CVE-2015-6265 CISCO |
conntrack-tools_project — conntrack-tools | conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet. | 2015-08-24 | 5.0 | CVE-2015-6496 CONFIRM MLIST MLIST DEBIAN CONFIRM |
dell — sonicwall_netextender_firmware | Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender with firmware before 7.5.1.2 and 8.x before 8.0.0.3 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | 2015-08-26 | 4.4 | CVE-2015-4173 BUGTRAQ MISC |
djangoproject — django | contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. | 2015-08-24 | 5.0 | CVE-2015-5963 MISC UBUNTU |
djangoproject — django | The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors. | 2015-08-24 | 5.0 | CVE-2015-5964 MISC UBUNTU |
drupal — drupal | Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files. | 2015-08-24 | 4.3 | CVE-2015-6658 CONFIRM |
drupal — drupal | The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user’s account via vectors related to “file upload value callbacks.” | 2015-08-24 | 6.8 | CVE-2015-6660 CONFIRM |
drupal — drupal | Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu. | 2015-08-24 | 5.0 | CVE-2015-6661 CONFIRM |
gnu — glibc | The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. | 2015-08-26 | 5.1 | CVE-2013-7424 CONFIRM CONFIRM CONFIRM CONFIRM MLIST REDHAT |
gnu — gnutls | Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | 2015-08-24 | 5.0 | CVE-2015-6251 CONFIRM CONFIRM BID MLIST MLIST CONFIRM DEBIAN |
hp — operations_manager_i | Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. | 2015-08-22 | 4.4 | CVE-2015-2132 HP |
hp — systems_insight_manager | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403. | 2015-08-26 | 4.0 | CVE-2015-2139 HP HP |
hp — systems_insight_manager | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 2015-08-26 | 6.5 | CVE-2015-2140 HP HP |
hp — hspa+_gobi_4g | The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. | 2015-08-27 | 6.9 | CVE-2015-5367 HP |
hp — systems_insight_manager | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139. | 2015-08-26 | 4.0 | CVE-2015-5403 HP HP |
hp — systems_insight_manager | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | 2015-08-26 | 6.5 | CVE-2015-5405 HP HP |
hp — centralview_credit_risk_control | HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408. | 2015-08-22 | 6.0 | CVE-2015-5407 HP |
hp — centralview_credit_risk_control | HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407. | 2015-08-22 | 6.0 | CVE-2015-5408 HP |
hp — version_control_repository_manager | HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. | 2015-08-26 | 6.5 | CVE-2015-5410 HP |
hp — version_control_repository_manager | HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2015-08-26 | 6.8 | CVE-2015-5411 HP |
hp — version_control_repository_manager | Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 2015-08-26 | 6.0 | CVE-2015-5412 HP |
hp — version_control_repository_manager | HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. | 2015-08-26 | 4.0 | CVE-2015-5413 HP |
hp — matrix_operating_environment | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. | 2015-08-26 | 5.0 | CVE-2015-5430 HP |
hp — matrix_operating_environment | HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 2015-08-26 | 6.5 | CVE-2015-5431 HP |
hp — virtual_connect_enterprise_manager_sdk | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2015-08-26 | 4.0 | CVE-2015-5433 HP HP |
ibm — websphere_application_server | IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header. | 2015-08-22 | 5.0 | CVE-2015-1932 CONFIRM AIXAPAR |
ibm — domino | Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA. | 2015-08-22 | 5.8 | CVE-2015-2014 CONFIRM |
ibm — domino | Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN. | 2015-08-22 | 4.3 | CVE-2015-2015 CONFIRM |
ibm — websphere_application_server | IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors. | 2015-08-22 | 5.0 | CVE-2015-4938 CONFIRM AIXAPAR |
ibm — tivoli_storage_fastback_for_microsoft_exchange | The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name. | 2015-08-23 | 4.0 | CVE-2015-4950 CONFIRM AIXAPAR AIXAPAR |
iodata — wn-g54/r2_firmware | I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | 2015-08-22 | 5.0 | CVE-2015-2984 CONFIRM JVNDB JVN |
kernel — linux-pam | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | 2015-08-24 | 5.8 | CVE-2015-3238 MISC MISC CONFIRM MLIST REDHAT |
openbsd — openssh | Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. | 2015-08-23 | 6.9 | CVE-2015-6564 CONFIRM MLIST CONFIRM FULLDISC |
openstack — neutron | OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. | 2015-08-26 | 4.0 | CVE-2015-3221 CONFIRM REDHAT MLIST |
php_kobo — photo_gallery_cms_free | Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php. | 2015-08-22 | 4.3 | CVE-2015-2982 CONFIRM JVNDB JVN |
php_kobo — photo_gallery_cms_free | Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users. | 2015-08-22 | 6.8 | CVE-2015-2983 CONFIRM JVNDB JVN |
picketlink — picketlink | The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow. | 2015-08-26 | 4.0 | CVE-2015-3158 CONFIRM CONFIRM CONFIRM REDHAT REDHAT REDHAT REDHAT REDHAT |
redhat — mod_cluster | Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. | 2015-08-24 | 4.3 | CVE-2015-0298 CONFIRM REDHAT REDHAT |
rubygems — rubygems | RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a “DNS hijack attack.” NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900. | 2015-08-25 | 4.3 | CVE-2015-4020 MISC MISC CONFIRM CONFIRM CONFIRM |
sap — netweaver | XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | 2015-08-24 | 6.8 | CVE-2015-6662 MISC |
sap — afaria | Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669. | 2015-08-24 | 4.3 | CVE-2015-6663 MISC |
sap — mobile_platform | XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227. | 2015-08-24 | 6.8 | CVE-2015-6664 MISC |
sgi — xfsprogs | xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. | 2015-08-25 | 5.0 | CVE-2012-2150 CONFIRM MLIST MLIST MLIST SUSE FEDORA FEDORA FEDORA |
trend_micro — deep_discovery_inspector | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature. | 2015-08-23 | 4.3 | CVE-2015-2872 CERT-VN CONFIRM |
trend_micro — deep_discovery_inspector | Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL. | 2015-08-23 | 5.5 | CVE-2015-2873 CERT-VN CONFIRM |
videolan — vlc_media_player | VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. | 2015-08-25 | 6.8 | CVE-2015-5949 MISC CONFIRM BUGTRAQ MLIST MLIST DEBIAN MISC |
wireshark — wireshark | The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2015-08-24 | 4.3 | CVE-2015-6241 CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. | 2015-08-24 | 4.3 | CVE-2015-6242 CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. | 2015-08-24 | 4.3 | CVE-2015-6243 CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2015-08-24 | 4.3 | CVE-2015-6244 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2015-08-24 | 4.3 | CVE-2015-6245 CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2015-08-24 | 4.3 | CVE-2015-6246 CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2015-08-24 | 4.3 | CVE-2015-6247 CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2015-08-24 | 4.3 | CVE-2015-6248 CONFIRM CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2015-08-24 | 4.3 | CVE-2015-6249 CONFIRM CONFIRM CONFIRM |
zend — zend_framework | The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. | 2015-08-25 | 6.8 | CVE-2015-5161 EXPLOIT-DB BID DEBIAN FULLDISC MISC FEDORA MISC CONFIRM |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco — prime_infrastructure | Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958. | 2015-08-22 | 3.5 | CVE-2015-4331 CISCO |
emc — documentum_d2 | Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive. | 2015-08-22 | 3.5 | CVE-2015-4537 BUGTRAQ |
ibm — integration_bus | IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2015-08-23 | 3.5 | CVE-2015-2018 CONFIRM AIXAPAR |
ibm — tivoli_storage_flashcopy_manager | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557. | 2015-08-22 | 2.1 | CVE-2015-4949 CONFIRM AIXAPAR |
ibm — tivoli_storage_flashcopy_manager | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949. | 2015-08-22 | 2.1 | CVE-2015-6557 CONFIRM AIXAPAR |
libunwind_project — libunwind | Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. | 2015-08-26 | 3.3 | CVE-2015-3239 CONFIRM REDHAT CONFIRM |
mantisbt — mantisbt | Cross-site scripting (XSS) vulnerability in the “set configuration” box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986. | 2015-08-24 | 3.5 | CVE-2014-8987 CONFIRM MLIST MLIST MLIST MLIST MLIST CONFIRM |
openbsd — openssh | The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. | 2015-08-23 | 1.9 | CVE-2015-6563 CONFIRM MLIST CONFIRM FULLDISC |
qemu — qemu | The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. | 2015-08-26 | 1.9 | CVE-2015-4037 CONFIRM MLIST MLIST MLIST DEBIAN DEBIAN |
This product is provided subject to this Notification and this Privacy & Use policy.
The invisible trail left by your device’s battery which leads right to you
While smartphones and tablets continue to have more features which help make our lives easier, their battery life isn’t usually something which users are happy with.
Now, whilst the manufacturers are working on extending its shelf-life, the batteries are in the spotlight for another reason. This time, the engine of these mobiles is putting user privacy at risk by leaving a trail of all your movements online.
The fact what businesses and cybercriminals are able to find out this information is down to a characteristic of HTML5, the latest version of the language used to create webpages. This function allows webpages to know the status of the battery and adapt what it shows.
So, in the event that our battery hasn’t got a lot of energy left, websites written in HTML5 can be loaded (if the developer allows) with all unnecessary items removed in order to save resources and power.
This isn’t a new characteristic as it was introduced in 2012 and works with Chrome, Opera, and Firefox. Recently, however, a group of French and Belgian investigators have published a study which shows that the information received this way is specific and puts our security at risk.
It is possible to tell the percentage of battery remaining and the estimated life before it completely runs out, but what is really worrying is that this data is collected every 30 seconds (almost in real time).
In addition, researchers have also found that, after several visits, you can find the maximum capacity of the battery and eventually identify the user each time you visit a particular website, creating a kind of digital trail.
It also doesn’t make much difference if you surf incognito. In fact, neither the firewall of a computer or using a VPN are enough to escape this monitoring by HTML5. As if that were not enough, everything happens without the user being aware, since the website does not have to ask permission to gather all this information.
Beyond technical features like this that endanger our privacy – and that will probably be changed soon, following the controversial study – users should remember how to protect their privacy in the digital environment and also protect themselves with the best security tools available – it’s your security that’s at risk.
The post The invisible trail left by your device’s battery which leads right to you appeared first on MediaCenter Panda Security.
PFTP Server 8.0f Buffer Overflow
PFTP Server version 8.0f SEH bypass buffer overflow exploit.
PHPWiki 1.5.4 Cross Site Scripting / Local File Inclusion
PHPWiki version 1.5.4 suffers from cross site scripting and local file inclusion vulnerabilities.