Original release date: May 25, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco — unified_communications_manager | Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | 2015-05-16 | 7.2 | CVE-2015-0717 CISCO |
dell — sonicwall_analyzer | The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. | 2015-05-20 | 9.0 | CVE-2015-3990 CONFIRM MISC |
docker — docker | Libcontainer and Docker Engine before 1.6.1 open the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | 2015-05-18 | 7.2 | CVE-2015-3627 CONFIRM FULLDISC MISC |
docker — libcontainer | Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization (“mount namespace breakout”) and write to an arbitrary file on the host system via a symlink attack in an image when respawning a container. | 2015-05-18 | 7.2 | CVE-2015-3629 CONFIRM FULLDISC MISC |
docker — docker | Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. | 2015-05-18 | 7.2 | CVE-2015-3630 CONFIRM FULLDISC MISC |
gns3 — gns3 | Untrusted search path vulnerability in GNS3 before 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. | 2015-05-18 | 7.2 | CVE-2015-2667 MISC |
google — chrome | common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. | 2015-05-20 | 7.5 | CVE-2015-1252 CONFIRM CONFIRM CONFIRM |
google — chrome | core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. | 2015-05-20 | 7.5 | CVE-2015-1253 CONFIRM CONFIRM CONFIRM |
google — chrome | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. | 2015-05-20 | 7.5 | CVE-2015-1256 CONFIRM CONFIRM CONFIRM CONFIRM |
google — chrome | platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. | 2015-05-20 | 7.5 | CVE-2015-1257 CONFIRM CONFIRM CONFIRM CONFIRM |
google — chrome | Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. | 2015-05-20 | 7.5 | CVE-2015-1258 CONFIRM CONFIRM CONFIRM |
google — chrome | PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2015-05-20 | 7.5 | CVE-2015-1259 CONFIRM CONFIRM |
google — chrome | Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. | 2015-05-20 | 7.5 | CVE-2015-1260 CONFIRM CONFIRM CONFIRM |
google — chrome | platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. | 2015-05-20 | 7.5 | CVE-2015-1262 CONFIRM CONFIRM CONFIRM |
google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-05-20 | 7.5 | CVE-2015-1265 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
google — chrome | Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-05-20 | 7.5 | CVE-2015-3910 CONFIRM |
hancom — hanword_viewer_2007 | Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly “influence the program’s execution flow” via a document with a large paragraph size, which triggers heap corruption. | 2015-05-15 | 7.5 | CVE-2015-2810 BUGTRAQ |
huawei — e587_mobile_wifi_firmware | Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors. | 2015-05-21 | 9.0 | CVE-2015-3911 BID CONFIRM |
ibm — domino | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. | 2015-05-20 | 10.0 | CVE-2015-1902 CONFIRM |
ibm — domino | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. | 2015-05-20 | 10.0 | CVE-2015-1903 CONFIRM |
ibm — websphere_application_server | IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. | 2015-05-19 | 10.0 | CVE-2015-1920 CONFIRM AIXAPAR |
infocus — in3128hd_firmware | The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. | 2015-05-18 | 10.0 | CVE-2014-8383 MISC FULLDISC MISC |
infocus — in3128hd_firmware | The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request. | 2015-05-18 | 9.4 | CVE-2014-8384 MISC FULLDISC MISC |
kcodes — netusb | Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005. | 2015-05-20 | 10.0 | CVE-2015-3036 CERT-VN MISC MISC |
libuv_project — libuv | libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. | 2015-05-18 | 10.0 | CVE-2015-0278 FEDORA CONFIRM CONFIRM CONFIRM MANDRIVA CONFIRM |
module-signature_project — module-signature | Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | 2015-05-19 | 10.0 | CVE-2015-3408 CONFIRM CONFIRM MLIST MLIST UBUNTU |
module-signature_project — module-signature | Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. | 2015-05-19 | 7.2 | CVE-2015-3409 CONFIRM CONFIRM MLIST MLIST UBUNTU |
oscmax — oscmax | Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | 2015-05-20 | 7.5 | CVE-2012-1665 MISC OSVDB OSVDB OSVDB CONFIRM CONFIRM BUGTRAQ |
powerdns — authoritative | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. | 2015-05-18 | 7.8 | CVE-2015-1868 SECTRACK FEDORA FEDORA FEDORA FEDORA FEDORA FEDORA |
proftpd — proftpd | The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. | 2015-05-18 | 10.0 | CVE-2015-3306 EXPLOIT-DB EXPLOIT-DB FEDORA FEDORA FEDORA |
swisscom — centro_grande_(adb)_dsl_firmware | The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allow remote attackers to access the management functions via unknown vectors. | 2015-05-20 | 10.0 | CVE-2015-1188 FULLDISC |
unzoo — unzoo | Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors. | 2015-05-19 | 10.0 | CVE-2015-1845 MISC MLIST |
unzoo — unzoo | unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling. | 2015-05-19 | 7.8 | CVE-2015-1846 MISC MLIST |
wpsymposium — wp_symposium | SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI. | 2015-05-15 | 7.5 | CVE-2015-3325 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — safari | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the “Logjam” issue. | 2015-05-20 | 4.3 | CVE-2015-4000 CONFIRM CONFIRM MISC MISC MISC MLIST |
cacti — cacti | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. | 2015-05-21 | 6.5 | CVE-2015-0916 MISC JVNDB JVN |
cisco — wireless_lan_controller_software | The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. | 2015-05-16 | 6.1 | CVE-2015-0723 CISCO |
cisco — wireless_lan_controller_software | The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252. | 2015-05-16 | 6.8 | CVE-2015-0726 CISCO |
cisco — secure_access_control_server | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. | 2015-05-16 | 4.3 | CVE-2015-0729 CISCO |
cisco — wide_area_application_services | The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645. | 2015-05-16 | 5.0 | CVE-2015-0730 CISCO |
cisco — ios | The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. | 2015-05-15 | 6.1 | CVE-2015-0731 CISCO |
cisco — unified_customer_voice_portal | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. | 2015-05-16 | 6.8 | CVE-2015-0735 CISCO |
cisco — mediasense | Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. | 2015-05-15 | 6.8 | CVE-2015-0736 CISCO |
cisco — web_security_appliance | Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008. | 2015-05-16 | 4.3 | CVE-2015-0738 CISCO |
cisco — firesight_system_software | The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. | 2015-05-18 | 4.0 | CVE-2015-0739 CISCO |
cisco — unified_intelligence_center | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. | 2015-05-19 | 6.8 | CVE-2015-0740 CISCO |
cisco — hosted_collaboration_solution | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. | 2015-05-21 | 6.8 | CVE-2015-0741 CISCO |
cisco — adaptive_security_appliance_software | The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398. | 2015-05-21 | 5.0 | CVE-2015-0742 CISCO |
cisco — secure_access_control_server | The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | 2015-05-21 | 5.0 | CVE-2015-0746 CISCO |
concrete5 — concrete5 | Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3) accessType parameter to index.php/tools/required/permissions/access_entity, (4) msCountry parameter to index.php/dashboard/system/multilingual/setup/load_icon, arHandle parameter to (5) design/submit or (6) design in index.php/ccm/system/dialogs/area/design/submit, (7) pageURL to index.php/dashboard/pages/single, (8) SEARCH_INDEX_AREA_METHOD parameter to index.php/dashboard/system/seo/searchindex/updated, (9) unit parameter to index.php/dashboard/system/optimization/jobs/job_scheduled, (10) register_notification_email parameter to index.php/dashboard/system/registration/open/1, or (11) PATH_INFO to index.php/dashboard/extend/connect/. | 2015-05-15 | 4.3 | CVE-2015-2250 CONFIRM MISC BUGTRAQ FULLDISC MISC |
concrete5 — concrete5 | Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors. | 2015-05-15 | 4.3 | CVE-2015-3989 CONFIRM |
dcraw_project — dcraw | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. | 2015-05-19 | 4.3 | CVE-2015-3885 MISC CONFIRM CONFIRM BID BUGTRAQ |
feedwordpress_project — feedwordpress | SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php. | 2015-05-21 | 6.5 | CVE-2015-4018 CONFIRM FULLDISC |
google — chrome | Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. | 2015-05-20 | 6.8 | CVE-2015-1251 CONFIRM CONFIRM MISC |
google — chrome | core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. | 2015-05-20 | 5.0 | CVE-2015-1254 CONFIRM CONFIRM CONFIRM |
google — chrome | Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. | 2015-05-20 | 6.8 | CVE-2015-1255 CONFIRM CONFIRM CONFIRM |
google — chrome | android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL’s fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. | 2015-05-20 | 5.0 | CVE-2015-1261 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
google — chrome | The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. | 2015-05-20 | 4.3 | CVE-2015-1263 CONFIRM CONFIRM CONFIRM |
google — chrome | Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. | 2015-05-20 | 4.3 | CVE-2015-1264 CONFIRM CONFIRM |
huawei — seq_analyst | XML external entity (XXE) in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | 2015-05-18 | 4.0 | CVE-2015-2346 FULLDISC |
huawei — webui | Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. | 2015-05-21 | 5.0 | CVE-2015-3912 BID CONFIRM |
ibm — license_metric_tool | The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-05-20 | 6.4 | CVE-2014-8924 CONFIRM |
ibm — websphere_mq | The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records. | 2015-05-20 | 4.0 | CVE-2015-0189 CONFIRM AIXAPAR |
module-signature_project — module-signature | Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. | 2015-05-19 | 5.0 | CVE-2015-3407 CONFIRM CONFIRM MLIST MLIST UBUNTU |
oscmax — oscmax | Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php. | 2015-05-20 | 4.3 | CVE-2012-1664 CONFIRM MISC OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB CONFIRM BUGTRAQ |
oscmax — oscmax | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php. | 2015-05-20 | 6.8 | CVE-2012-6691 MISC CONFIRM BUGTRAQ |
rakus — maildealer | Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. | 2015-05-21 | 4.3 | CVE-2015-0915 CONFIRM JVNDB JVN |
realmd_project — realmd | realmd allows remote attackers to inject arbitrary configurations into sssd.conf and smb.conf via a newline character in an LDAP response. | 2015-05-18 | 5.0 | CVE-2015-2704 CONFIRM FEDORA |
rockwell — automation_rslinx_classic | Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file. | 2015-05-16 | 6.9 | CVE-2014-9204 MISC MISC |
seogento — seogento | Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2015-05-20 | 4.3 | CVE-2012-3243 BID |
simple_php_agenda_project — simple_php_agenda | Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/. | 2015-05-21 | 6.8 | CVE-2012-1978 MISC MISC MISC OSVDB |
synametrics — xeams | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an SMTP domain or (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration. | 2015-05-20 | 6.8 | CVE-2015-3141 EXPLOIT-DB MISC OSVDB |
template_cms_project — template_cms | Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. | 2015-05-20 | 4.3 | CVE-2012-4901 MISC BID OSVDB |
template_cms_project — template_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php. | 2015-05-20 | 6.8 | CVE-2012-4902 MISC BID OSVDB |
valve — steam | The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. | 2015-05-20 | 5.0 | CVE-2015-4016 CONFIRM MISC |
wppa.opajaap — wp-photo-album-plus | Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action. | 2015-05-21 | 4.3 | CVE-2015-3647 CONFIRM MISC BUGTRAQ |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
docker — docker | Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. | 2015-05-18 | 3.6 | CVE-2015-3631 CONFIRM FULLDISC MISC |
ibm — license_metric_tool | IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 2015-05-20 | 2.1 | CVE-2014-4776 CONFIRM |
ibm — websphere_commerce | The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. | 2015-05-19 | 2.1 | CVE-2014-6211 CONFIRM AIXAPAR AIXAPAR |
openstack — horizon | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | 2015-05-19 | 3.5 | CVE-2015-3988 BID MLIST MLIST |
piriform — ccleaner | Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space. | 2015-05-20 | 2.1 | CVE-2015-3999 BID FULLDISC |
redhat — kexec-tools | The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. | 2015-05-19 | 3.6 | CVE-2015-0267 REDHAT |
squid-cache — squid | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, does not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | 2015-05-18 | 2.6 | CVE-2015-3455 CONFIRM SECTRACK MANDRIVA CONFIRM |