Original release date: April 13, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
antlabs — inngate | The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | 2015-04-04 | 10.0 | CVE-2015-0932 CERT-VN CONFIRM MISC MISC |
apache — subversion | The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. | 2015-04-08 | 7.8 | CVE-2015-0202 MANDRIVA CONFIRM |
apache — cassandra | The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | 2015-04-03 | 7.5 | CVE-2015-0225 BUGTRAQ MLIST MISC |
apple — apple_tv | IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. | 2015-04-10 | 7.2 | CVE-2015-1095 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. | 2015-04-10 | 7.1 | CVE-2015-1102 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. | 2015-04-10 | 7.5 | CVE-2015-1103 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — mac_os_x | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | 2015-04-10 | 7.2 | CVE-2015-1130 CONFIRM APPLE |
apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1131 CONFIRM APPLE |
apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 10.0 | CVE-2015-1132 CONFIRM APPLE |
apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1133 CONFIRM APPLE |
apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1134 CONFIRM APPLE |
apple — mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. | 2015-04-10 | 7.2 | CVE-2015-1135 CONFIRM APPLE |
apple — mac_os_x | The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. | 2015-04-10 | 7.2 | CVE-2015-1137 CONFIRM APPLE |
apple — mac_os_x | Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. | 2015-04-10 | 7.2 | CVE-2015-1140 CONFIRM APPLE |
apple — mac_os_x | LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a “type confusion” issue. | 2015-04-10 | 7.2 | CVE-2015-1143 CONFIRM APPLE |
apple — mac_os_x | Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. | 2015-04-10 | 7.2 | CVE-2015-1144 CONFIRM APPLE |
apple — xcode | Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. | 2015-04-10 | 7.5 | CVE-2015-1149 CONFIRM APPLE |
arj_software — arj_archiver | Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. | 2015-04-08 | 7.5 | CVE-2015-2782 MLIST MLIST DEBIAN |
c-board_moyuku_project — c-board_moyuku | Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a character in its name. | 2015-04-05 | 7.5 | CVE-2015-0877 CONFIRM JVNDB JVN |
ca — spectrum | CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | 2015-04-07 | 9.0 | CVE-2015-2828 CONFIRM |
cisco — unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062. | 2015-04-03 | 7.1 | CVE-2015-0612 SECTRACK CISCO |
cisco — unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444. | 2015-04-03 | 7.1 | CVE-2015-0613 SECTRACK CISCO |
cisco — unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. | 2015-04-03 | 7.1 | CVE-2015-0614 SECTRACK CISCO |
cisco — unity_connection | The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089. | 2015-04-03 | 7.1 | CVE-2015-0615 SECTRACK CISCO |
cisco — unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819. | 2015-04-03 | 7.1 | CVE-2015-0616 SECTRACK CISCO |
cisco — prime_data_center_network_manager | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. | 2015-04-03 | 7.8 | CVE-2015-0666 SECTRACK CISCO |
cisco — ios_xe | Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070. | 2015-04-03 | 7.1 | CVE-2015-0688 SECTRACK CISCO |
gnu — glibc | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. | 2015-04-08 | 7.5 | CVE-2015-1472 MLIST CONFIRM MLIST |
hidemaru — editor | Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. | 2015-04-03 | 7.5 | CVE-2015-0903 JVNDB JVN CONFIRM |
ibm — rational_clearcase | The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 2015-04-05 | 9.4 | CVE-2014-6221 CONFIRM SECTRACK |
ibm — domino | The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM. | 2015-04-05 | 10.0 | CVE-2015-0117 CONFIRM SECTRACK |
ibm — tivoli_storage_manager_fastback | FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port. | 2015-04-05 | 7.5 | CVE-2015-0119 CONFIRM |
ibm — domino | Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors. | 2015-04-05 | 10.0 | CVE-2015-0134 CONFIRM SECTRACK |
ibm — domino | Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. | 2015-04-05 | 7.2 | CVE-2015-0179 CONFIRM SECTRACK |
linux — linux_kernel | The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. | 2015-04-05 | 7.8 | CVE-2015-1465 CONFIRM CONFIRM UBUNTU UBUNTU MLIST CONFIRM CONFIRM |
oxide_project — oxide | Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possible execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists. | 2015-04-08 | 7.5 | CVE-2015-1317 CONFIRM UBUNTU |
redhat — openstack | The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. | 2015-04-10 | 10.0 | CVE-2015-1842 CONFIRM REDHAT REDHAT |
simple_ads_manager_project — simple_ads_manager | Multiple SQL injection vulnerabilities in sam-ajax-admin.php in the Simple Ads Manager plugin 2.5.94 and 2.5.96 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action; the (2) cstr parameter in a load_posts action; the (3) searchTerm parameter in a load_combo_data action; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action. | 2015-04-06 | 7.5 | CVE-2015-2824 BUGTRAQ BUGTRAQ FULLDISC FULLDISC MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — subversion | The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. | 2015-04-08 | 5.0 | CVE-2015-0248 MANDRIVA CONFIRM |
apache — subversion | The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. | 2015-04-08 | 4.0 | CVE-2015-0251 MANDRIVA CONFIRM |
apache — flex | Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. | 2015-04-07 | 4.3 | CVE-2015-1773 BUGTRAQ |
apple — iphone_os | CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 2015-04-10 | 6.8 | CVE-2015-1088 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-04-10 | 5.0 | CVE-2015-1089 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | 2015-04-10 | 5.0 | CVE-2015-1090 CONFIRM APPLE |
apple — iphone_os | The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1091 CONFIRM CONFIRM APPLE APPLE |
apple — apple_tv | NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-04-10 | 5.0 | CVE-2015-1092 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 2015-04-10 | 6.8 | CVE-2015-1093 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | 2015-04-10 | 6.8 | CVE-2015-1098 CONFIRM CONFIRM APPLE APPLE |
apple — apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. | 2015-04-10 | 5.0 | CVE-2015-1104 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — apple_tv | The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. | 2015-04-10 | 5.0 | CVE-2015-1105 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — apple_tv | The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. | 2015-04-10 | 5.0 | CVE-2015-1110 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | 2015-04-10 | 5.0 | CVE-2015-1111 CONFIRM APPLE |
apple — safari | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. | 2015-04-10 | 5.0 | CVE-2015-1112 CONFIRM CONFIRM APPLE APPLE |
apple — apple_tv | libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. | 2015-04-10 | 5.0 | CVE-2015-1118 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1119 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1120 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1121 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1122 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — apple_tv | WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1123 CONFIRM CONFIRM APPLE APPLE |
apple — apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1124 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1125 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. | 2015-04-10 | 4.3 | CVE-2015-1126 CONFIRM CONFIRM APPLE APPLE |
apple — safari | The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. | 2015-04-10 | 5.0 | CVE-2015-1128 CONFIRM APPLE |
apple — safari | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1129 CONFIRM APPLE |
apple — mac_os_x | Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. | 2015-04-10 | 6.8 | CVE-2015-1136 CONFIRM APPLE |
apple — mac_os_x | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | 2015-04-10 | 4.9 | CVE-2015-1138 CONFIRM APPLE |
apple — mac_os_x | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. | 2015-04-10 | 6.8 | CVE-2015-1139 CONFIRM APPLE |
apple — mac_os_x | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. | 2015-04-10 | 4.9 | CVE-2015-1141 CONFIRM APPLE |
apple — mac_os_x | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. | 2015-04-10 | 5.0 | CVE-2015-1147 CONFIRM APPLE |
apple — mac_os_x | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | 2015-04-10 | 5.0 | CVE-2015-1148 CONFIRM APPLE |
arj_software — arj_archiver | Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. | 2015-04-08 | 5.8 | CVE-2015-0556 CONFIRM MLIST MLIST DEBIAN |
arj_software — arj_archiver | Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. | 2015-04-08 | 5.8 | CVE-2015-0557 CONFIRM MLIST MLIST DEBIAN |
bblog_project — bblog | Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users. | 2015-04-07 | 6.8 | CVE-2015-0905 MISC JVNDB JVN |
cisco — unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a “deprecated page,” aka Bug ID CSCup90168. | 2015-04-03 | 6.5 | CVE-2015-0682 SECTRACK CISCO |
cisco — unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | 2015-04-03 | 4.0 | CVE-2015-0683 SECTRACK CISCO |
cisco — unified_communications_domain_manager | SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | 2015-04-03 | 6.5 | CVE-2015-0684 SECTRACK CISCO |
cisco — wireless_lan_controller_software | Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. | 2015-04-06 | 4.3 | CVE-2015-0690 SECTRACK CISCO |
emc — powerpath_virtual_appliance | EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. | 2015-04-04 | 5.0 | CVE-2015-0529 BUGTRAQ MISC |
ericsson — drutt_mobile_service_delivery_platform | Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17) fromTime, (18) toTime, (19) sortDirection, (20) kword, (21) uname, (22) pname, (23) sname, (24) file, (25) atype, or (26) atitle parameter to (a) top-useragent-devices.jsp or (b) top-interest-areas.jsp; (27) fromDate, (28) toDate, (29) fromTime, (30) toTime, (31) sortDirection, (32) kword, (33) uname, (34) pname, (35) sname, (36) file, (37) atype, or (38) atitle parameter to top-message-services.jsp; (39) portal, (40) fromDate, (41) toDate, (42) fromTime, (43) toTime, (44) orderBy, (45) sortDirection, (46) kword, (47) uname, (48) pname, (49) sname, (50) file, (51) atype, or (52) atitle parameter to (a) user-statistics.jsp, (b) top-web-pages.jsp, (c) top-devices.jsp, (d) top-pages.jsp, (e) session-summary.jsp, (f) top-providers.jsp, (g) top-modules.jsp, or (h) top-services.jsp; (53) fromDate, (54) toDate, (55) fromTime, (56) toTime, (57) orderBy, (58) sortDirection, (59) uid, (60) uid2, (61) kword, (62) uname, (63) pname, (64) sname, (65) file, (66) atype, or (67) atitle parameter to message-shortcode-summary.jsp; (68) fromDate, (69) toDate, (70) fromTime, (71) toTime, (72) orderBy, (73) sortDirection, (74) uid, (75) kword, (76) uname, (77) pname, (78) sname, (79) file, (80) atype, or (81) atitle parameter to (a) message-providers-summary.jsp or (b) message-services-summary.jsp; (82) kword, (83) uname, (84) pname, (85) sname, (86) file, (87) atype, or (88) atitle parameter to license-summary.jsp; (89) portal, (90) fromDate, (91) toDate, (92) fromTime, (93) toTime, (94) orderBy, (95) sortDirection, (96) uid, (97) uid2, (98) kword, (99) uname, (100) pname, (101) sname, (102) file, (103) atype, or (104) atitle parameter to useragent-device-summary.jsp; (105) fromDate, (106) toDate, (107) fromTime, (108) toTime, (109) orderBy, (110) sortDirection, (111) kword, (112) uname, (113) pname, (114) sname, (115) file, (116) atype, or (117) atitle parameter to (a) top-message-providers.jsp, (b) top-message-devices.jsp, (c) top-message-assets.jsp, (d) top-message-downloads.jsp, or (e) top-message-shortcode.jsp; (118) fromDate, (119) toDate, (120) fromTime, (121) toTime, (122) kword, (123) uname, (124) pname, (125) sname, (126) file, (127) atype, or (128) atitle parameter to request-summary.jsp; (129) portal parameter to link-summary-select.jsp, (130) provider-summary-select.jsp, or (131) module-summary-select.jsp; (132) portal, (133) uid, (134) kword, (135) uname, (136) pname, (137) sname, (138) file, (139) atype, or (140) atitle parameter to link-summary.jsp; (141) portal, (142) fromDate, (143) toDate, (144) fromTime, (145) toTime, (146) orderBy, (147) sortDirection, (148) uid, (149) kword, (150) uname, (151) pname, (152) sname, (153) file, (154) atype, or (155) atitle parameter to (a) provider-summary.jsp or (b) module-summary.jsp in reports/pages/. | 2015-04-06 | 4.3 | CVE-2015-2165 MISC |
ericsson — drutt_mobile_service_delivery_platform | Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. | 2015-04-06 | 5.0 | CVE-2015-2166 MISC |
ericsson — drutt_mobile_service_delivery_platform | Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp. | 2015-04-06 | 5.8 | CVE-2015-2167 MISC |
gnu — glibc | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. | 2015-04-08 | 6.4 | CVE-2015-1473 CONFIRM MLIST |
ibm — websphere_datapower_xc10_appliance_firmware | The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors. | 2015-04-05 | 6.8 | CVE-2015-1893 CONFIRM SECTRACK AIXAPAR |
mcafee — advanced_threat_defense | McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | 2015-04-08 | 5.5 | CVE-2015-3028 CONFIRM |
mcafee — advanced_threat_defense | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2015-04-08 | 4.0 | CVE-2015-3029 CONFIRM |
mcafee — advanced_threat_defense | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | 2015-04-08 | 4.0 | CVE-2015-3030 CONFIRM |
mozilla — firefox | The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy. | 2015-04-08 | 5.0 | CVE-2015-0798 CONFIRM CONFIRM |
mozilla — firefox | The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header. | 2015-04-08 | 4.3 | CVE-2015-0799 CONFIRM CONFIRM |
ntp — ntp | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | 2015-04-08 | 4.3 | CVE-2015-1799 CERT-VN CONFIRM CONFIRM |
pfsense — pfsense | Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter. | 2015-04-10 | 6.8 | CVE-2015-2295 CONFIRM MISC BUGTRAQ MISC |
qualiteam — x-cart | Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter. | 2015-04-04 | 4.3 | CVE-2015-0950 CERT-VN CONFIRM |
qualiteam — x-cart | X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | 2015-04-04 | 6.5 | CVE-2015-0951 CERT-VN CONFIRM |
quassel-irc — quassel | Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. | 2015-04-10 | 5.0 | CVE-2015-2778 CONFIRM MLIST MLIST MLIST SUSE |
redhat — docker | The Red Hat docker package before 1.5.0-28, when using the –add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. | 2015-04-06 | 4.3 | CVE-2015-1843 CONFIRM REDHAT |
saurus — saurus_cms | Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-06 | 4.3 | CVE-2015-0876 CONFIRM JVNDB JVN |
schneider-electric — vampset | Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. | 2015-04-03 | 4.4 | CVE-2014-8390 MISC CONFIRM BUGTRAQ MISC |
siemens — simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | 2015-04-05 | 6.8 | CVE-2015-1601 CONFIRM |
siemens — wincc | Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. | 2015-04-08 | 4.3 | CVE-2015-2822 CONFIRM |
siemens — wincc | Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. | 2015-04-08 | 6.8 | CVE-2015-2823 CONFIRM |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — iphone_os | AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. | 2015-04-10 | 1.9 | CVE-2015-1085 CONFIRM APPLE |
apple — iphone_os | Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. | 2015-04-10 | 2.1 | CVE-2015-1087 CONFIRM APPLE |
apple — iphone_os | The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. | 2015-04-10 | 2.1 | CVE-2015-1106 CONFIRM APPLE |
apple — iphone_os | The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | 2015-04-10 | 1.9 | CVE-2015-1107 CONFIRM APPLE |
apple — iphone_os | The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | 2015-04-10 | 2.1 | CVE-2015-1108 CONFIRM APPLE |
apple — iphone_os | NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. | 2015-04-10 | 2.1 | CVE-2015-1109 CONFIRM APPLE |
apple — iphone_os | The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. | 2015-04-10 | 2.1 | CVE-2015-1116 CONFIRM APPLE |
apple — safari | The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. | 2015-04-10 | 2.1 | CVE-2015-1127 CONFIRM APPLE |
apple — mac_os_x | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. | 2015-04-10 | 2.1 | CVE-2015-1142 CONFIRM APPLE |
apple — mac_os_x | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. | 2015-04-10 | 1.9 | CVE-2015-1145 CONFIRM APPLE |
apple — mac_os_x | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. | 2015-04-10 | 1.9 | CVE-2015-1146 CONFIRM APPLE |
ca — spectrum | Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-07 | 3.5 | CVE-2015-2827 CONFIRM |
freebsd — freebsd | The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. | 2015-04-10 | 2.1 | CVE-2015-1415 FREEBSD SECTRACK BUGTRAQ MISC |
hp — intelligent_provisioning | Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. | 2015-04-03 | 2.1 | CVE-2015-2111 HP |
ibm — general_parallel_file_system | /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | 2015-04-05 | 3.5 | CVE-2015-1890 CONFIRM |
ntp — ntp | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. | 2015-04-08 | 1.8 | CVE-2015-1798 CERT-VN CONFIRM CONFIRM |
siemens — simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files. | 2015-04-05 | 2.1 | CVE-2015-1602 CONFIRM |
xen — xen | drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. | 2015-04-05 | 2.1 | CVE-2015-0777 CONFIRM SUSE |
This product is provided subject to this Notification and this Privacy & Use policy.