Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

SB15-257: Vulnerability Summary for the Week of September 7, 2015

Original release date: September 14, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — shockwave_player Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6681. 2015-09-08 10.0 CVE-2015-6680
CONFIRM
adobe — shockwave_player Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6680. 2015-09-08 10.0 CVE-2015-6681
CONFIRM
ffmpeg — ffmpeg The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. 2015-09-05 7.5 CVE-2015-6818
CONFIRM
ffmpeg — ffmpeg Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. 2015-09-05 7.5 CVE-2015-6819
CONFIRM
ffmpeg — ffmpeg The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. 2015-09-05 7.5 CVE-2015-6820
CONFIRM
ffmpeg — ffmpeg The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. 2015-09-05 7.5 CVE-2015-6821
CONFIRM
ffmpeg — ffmpeg The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. 2015-09-05 7.5 CVE-2015-6822
CONFIRM
ffmpeg — ffmpeg The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. 2015-09-05 7.5 CVE-2015-6823
CONFIRM
ffmpeg — ffmpeg The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. 2015-09-05 7.5 CVE-2015-6824
CONFIRM
ffmpeg — ffmpeg The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. 2015-09-05 7.5 CVE-2015-6825
CONFIRM
ffmpeg — ffmpeg The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. 2015-09-05 7.5 CVE-2015-6826
CONFIRM
isc — bind buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. 2015-09-04 7.8 CVE-2015-5722
CONFIRM
isc — bind openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. 2015-09-04 7.1 CVE-2015-5986
CONFIRM
libvdpau_project — libvdpau libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable. 2015-09-08 7.2 CVE-2015-5198
CONFIRM
UBUNTU
MLIST
libvdpau_project — libvdpau Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable. 2015-09-08 7.2 CVE-2015-5199
CONFIRM
UBUNTU
MLIST
microsoft — edge Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2491 and CVE-2015-2541. 2015-09-08 9.3 CVE-2015-2485
MS
MS
microsoft — edge Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. 2015-09-08 9.3 CVE-2015-2486
MS
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. 2015-09-08 9.3 CVE-2015-2487
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. 2015-09-08 9.3 CVE-2015-2490
MS
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2485 and CVE-2015-2541. 2015-09-08 9.3 CVE-2015-2491
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. 2015-09-08 9.3 CVE-2015-2492
MS
microsoft — internet_explorer The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.” 2015-09-08 9.3 CVE-2015-2493
MS
microsoft — edge Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2498, and CVE-2015-2499. 2015-09-08 9.3 CVE-2015-2494
MS
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2499. 2015-09-08 9.3 CVE-2015-2498
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2498. 2015-09-08 9.3 CVE-2015-2499
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability.” 2015-09-08 9.3 CVE-2015-2500
MS
microsoft — internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability.” 2015-09-08 9.3 CVE-2015-2501
MS
microsoft — .net_framework Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka “.NET Elevation of Privilege Vulnerability.” 2015-09-08 9.3 CVE-2015-2504
MS
microsoft — windows_10 atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2015-09-08 9.3 CVE-2015-2506
MS
microsoft — windows_10 The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Font Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2512. 2015-09-08 7.2 CVE-2015-2507
MS
microsoft — windows_10 The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka “Font Driver Elevation of Privilege Vulnerability.” 2015-09-08 7.2 CVE-2015-2508
MS
microsoft — windows_7 Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka “Windows Media Center RCE Vulnerability.” 2015-09-08 9.3 CVE-2015-2509
MS
microsoft — live_meeting_console Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “Graphics Component Buffer Overflow Vulnerability.” 2015-09-08 9.3 CVE-2015-2510
MS
microsoft — windows_10 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2517, CVE-2015-2518, and CVE-2015-2546. 2015-09-08 7.2 CVE-2015-2511
MS
microsoft — windows_10 The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Font Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2507. 2015-09-08 7.2 CVE-2015-2512
MS
microsoft — windows_10 Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka “Windows Journal RCE Vulnerability,” a different vulnerability than CVE-2015-2514 and CVE-2015-2530. 2015-09-08 9.3 CVE-2015-2513
MS
microsoft — windows_10 Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka “Windows Journal RCE Vulnerability,” a different vulnerability than CVE-2015-2513 and CVE-2015-2530. 2015-09-08 9.3 CVE-2015-2514
MS
microsoft — windows_10 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2511, CVE-2015-2518, and CVE-2015-2546. 2015-09-08 7.2 CVE-2015-2517
MS
microsoft — windows_10 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2546. 2015-09-08 7.2 CVE-2015-2518
MS
microsoft — windows_10 Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka “Windows Journal Integer Overflow RCE Vulnerability.” 2015-09-08 9.3 CVE-2015-2519
MS
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-09-08 9.3 CVE-2015-2520
MS
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-09-08 9.3 CVE-2015-2521
MS
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-09-08 9.3 CVE-2015-2523
MS
microsoft — windows_10 Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka “Windows Task Management Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2528. 2015-09-08 7.2 CVE-2015-2524
MS
microsoft — windows_10 Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restrictions and delete arbitrary files via unspecified vectors, aka “Windows Task File Deletion Elevation of Privilege Vulnerability.” 2015-09-08 7.2 CVE-2015-2525
MS
microsoft — windows_10 The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” 2015-09-08 7.2 CVE-2015-2527
MS
microsoft — windows_10 Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka “Windows Task Management Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2524. 2015-09-08 7.2 CVE-2015-2528
MS
microsoft — windows_10 Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka “Windows Journal RCE Vulnerability,” a different vulnerability than CVE-2015-2513 and CVE-2015-2514. 2015-09-08 9.3 CVE-2015-2530
MS
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2485 and CVE-2015-2491. 2015-09-08 9.3 CVE-2015-2541
MS
microsoft — edge Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability.” 2015-09-08 9.3 CVE-2015-2542
MS
MS
microsoft — office Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka “Microsoft Office Malformed EPS File Vulnerability.” 2015-09-08 9.3 CVE-2015-2545
MS
microsoft — windows_10 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518. 2015-09-08 7.2 CVE-2015-2546
MS


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — telepresence_system_software_ix Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501. 2015-09-04 5.0 CVE-2015-6276
CISCO
freebit — elphonebtnv6_activex_control Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued “Click to Live” service. 2015-09-07 6.8 CVE-2015-5624
JVNDB
JVN
guide-park — bbs_x102 Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-09-05 4.3 CVE-2015-2985
JVNDB
JVN
lemon-s_php — twit_bbs Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter. 2015-09-07 4.3 CVE-2015-2989
JVNDB
JVN
libvdpau_project — libvdpau The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors. 2015-09-08 6.3 CVE-2015-5200
CONFIRM
UBUNTU
MLIST
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Information Disclosure Vulnerability.” 2015-09-08 5.0 CVE-2015-2483
MS
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 uses an incorrect flag during certain filesystem accesses, which allows remote attackers to delete arbitrary files via unspecified vectors, aka “Tampering Vulnerability.” 2015-09-08 6.4 CVE-2015-2484
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka “Elevation of Privilege Vulnerability.” 2015-09-08 4.3 CVE-2015-2489
MS
microsoft — exchange_server Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka “Exchange Information Disclosure Vulnerability.” 2015-09-08 5.0 CVE-2015-2505
MS
microsoft — windows_10 Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (data loss) via a crafted .jnt file, aka “Windows Journal DoS Vulnerability.” 2015-09-08 4.3 CVE-2015-2516
MS
microsoft — .net_framework Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka “MVC Denial of Service Vulnerability.” 2015-09-08 5.0 CVE-2015-2526
MS
microsoft — lync_server Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability.” 2015-09-08 4.3 CVE-2015-2531
MS
microsoft — lync_server Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “Lync Server XSS Information Disclosure Vulnerability.” 2015-09-08 4.3 CVE-2015-2532
MS
microsoft — windows_server_2008 Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka “Active Directory Denial of Service Vulnerability.” 2015-09-08 4.0 CVE-2015-2535
MS
microsoft — lync_server Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability.” 2015-09-08 4.3 CVE-2015-2536
MS
microsoft — exchange_server Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka “Exchange Spoofing Vulnerability.” 2015-09-08 4.3 CVE-2015-2543
MS
microsoft — exchange_server Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka “Exchange Spoofing Vulnerability.” 2015-09-08 4.3 CVE-2015-2544
MS
neojapan — desknet_neo Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter. 2015-09-04 4.0 CVE-2015-2990
CONFIRM
JVNDB
JVN
nscripter_project — nscripter Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data. 2015-09-04 6.8 CVE-2015-2991
CONFIRM
JVNDB
JVN
opendocman — opendocman Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. 2015-09-07 4.3 CVE-2015-5625
JVNDB
JVN
openstack — compute OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance. 2015-09-08 6.8 CVE-2015-3241
CONFIRM
REDHAT
rakuto — rktsns2 Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-09-05 4.3 CVE-2015-2986
JVNDB
JVN
redhat — openshift_origin The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data. 2015-09-08 4.0 CVE-2015-5250
CONFIRM
CONFIRM
REDHAT
spice_project — spice Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. 2015-09-08 6.9 CVE-2015-3247
SECTRACK
REDHAT
REDHAT
REDHAT


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
microsoft — sharepoint_foundation Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka “Microsoft SharePoint XSS Spoofing Vulnerability.” 2015-09-08 3.5 CVE-2015-2522
MS
microsoft — windows_10 The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka “Kernel ASLR Bypass Vulnerability.” 2015-09-08 2.1 CVE-2015-2529
MS
microsoft — windows_10 Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka “Hyper-V Security Feature Bypass Vulnerability.” 2015-09-08 1.9 CVE-2015-2534
MS
redhat — enterprise_virtualization The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. 2015-09-08 3.7 CVE-2015-1841
SECTRACK
REDHAT



This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases September 2015 Security Bulletin

Original release date: September 08, 2015

Microsoft has released 12 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-094 through MS15-105 and apply the necessary updates.



Adobe Releases Security Update for Shockwave Player

Original release date: September 08, 2015

Adobe has released a security update to address vulnerabilities in Shockwave Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-22 and apply the necessary update.



SB15-250: Vulnerability Summary for the Week of August 31, 2015

Original release date: September 07, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
call-cc — chicken Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the “substring-index[-ci] procedures.” 2015-08-28 7.5 CVE-2014-9651
MLIST
MLIST
check_mk_project — check_mk Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. 2015-08-31 8.5 CVE-2014-2331
BUGTRAQ
BUGTRAQ
cisco — integrated_management_controller_supervisor The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. 2015-09-03 9.4 CVE-2015-6259
CISCO
cisco — ios_xe Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. 2015-08-28 7.8 CVE-2015-6267
CISCO
cisco — ios_xe Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. 2015-08-28 7.8 CVE-2015-6268
CISCO
cisco — ios_xe Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990. 2015-08-31 7.8 CVE-2015-6269
CISCO
cisco — ios_xe Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555. 2015-08-31 7.8 CVE-2015-6270
CISCO
cisco — ios_xe Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta77008. 2015-08-31 7.8 CVE-2015-6271
CISCO
cisco — ios_xe Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug IDs CSCsx35393, CSCsx07094, and CSCsw93064. 2015-08-31 7.8 CVE-2015-6272
CISCO
cisco — ios_xe Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623. 2015-08-28 7.8 CVE-2015-6273
CISCO
cyberoam — cr500ing-xp SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. 2015-09-04 7.5 CVE-2015-6811
EXPLOIT-DB
MISC
emc — atmos The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-09-03 7.5 CVE-2015-4538
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626. 2015-09-03 9.0 CVE-2015-4544
BUGTRAQ
fortinet — forticlient The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. 2015-09-03 7.2 CVE-2015-5735
SECTRACK
CONFIRM
MISC
fortinet — forticlient The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. 2015-09-03 7.2 CVE-2015-5736
SECTRACK
CONFIRM
MISC
fortinet — forticlient The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. 2015-09-03 7.2 CVE-2015-5737
SECTRACK
CONFIRM
MISC
gnu — gnutls Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. 2015-09-02 7.5 CVE-2015-3308
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
google — chrome Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation. 2015-09-03 7.5 CVE-2015-1294
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities. 2015-09-03 7.5 CVE-2015-1295
CONFIRM
CONFIRM
CONFIRM
google — chrome The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request’s source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. 2015-09-03 7.5 CVE-2015-1297
CONFIRM
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp. 2015-09-03 7.5 CVE-2015-1299
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-09-03 7.5 CVE-2015-1301
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-09-03 7.5 CVE-2015-6580
CONFIRM
google — chrome Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure. 2015-09-03 7.5 CVE-2015-6581
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gsm — sim_card_editor Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file. 2015-08-28 10.0 CVE-2015-1171
MISC
MISC
MISC
hp — intelligent_provisioning Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors. 2015-08-31 10.0 CVE-2015-2135
HP
invisionpower — invision_power_board Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. 2015-09-04 7.8 CVE-2015-6812
CONFIRM
ippusbxd_project — ippusbxd IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. 2015-09-01 7.5 CVE-2015-6520
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
linux — linux_kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. 2015-08-31 7.2 CVE-2015-3290
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux — linux_kernel Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced. 2015-08-31 7.2 CVE-2015-4036
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. 2015-08-31 7.2 CVE-2015-5157
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. 2015-08-31 7.8 CVE-2015-5364
MISC
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mediawiki — mediawiki The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack. 2015-09-01 7.5 CVE-2015-6728
MLIST
MLIST
MLIST
FEDORA
mozilla — firefox Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element. 2015-08-29 10.0 CVE-2015-4497
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. 2015-08-29 7.5 CVE-2015-4498
CONFIRM
CONFIRM
netsweeper — netsweeper WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate. 2015-09-04 9.4 CVE-2014-9605
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
pacemaker/corosync_configuration_system_project — pacemaker/corosync_configuration_system The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via “escape characters” in a URL. 2015-09-03 8.5 CVE-2015-5190
CONFIRM
REDHAT
ricoh — dl-1_sr10 Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command. 2015-08-31 7.5 CVE-2015-6750
MISC
siemens — simatic_s7_1200_cpu Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2015-08-30 7.5 CVE-2015-5698
MISC
CONFIRM
tibco — messaging_appliance Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. 2015-08-30 7.5 CVE-2015-4555
CONFIRM
CONFIRM

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
basware — banking Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream. 2015-08-31 5.8 CVE-2015-0943
MISC
FULLDISC
basware — banking Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. 2015-08-31 6.5 CVE-2015-6742
MISC
FULLDISC
basware — banking Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. 2015-08-31 6.5 CVE-2015-6743
MISC
FULLDISC
basware — banking Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to “disrupt security-critical functions” by “dropping network traffic.” NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. 2015-08-31 4.3 CVE-2015-6744
MISC
FULLDISC
basware — banking Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744. 2015-08-31 4.6 CVE-2015-6745
MISC
FULLDISC
basware — banking Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6746. 2015-08-31 5.0 CVE-2015-6747
MISC
FULLDISC
bedita — bedita Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection. 2015-09-04 4.3 CVE-2015-6809
CONFIRM
EXPLOIT-DB
CONFIRM
bestpractical — request_tracker Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key. 2015-09-03 4.3 CVE-2015-6506
CONFIRM
CONFIRM
CONFIRM
DEBIAN
check_mk_project — check_mk Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors. 2015-08-31 6.8 CVE-2014-2330
BID
BUGTRAQ
CONFIRM
check_mk_project — check_mk Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to “Insecure Direct Object References.” NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. 2015-08-31 5.5 CVE-2014-2332
BUGTRAQ
BUGTRAQ
cisco — telepresence_video_communication_server_software A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. 2015-09-02 6.9 CVE-2015-4330
CISCO
cisco — identity_services_engine_software The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. 2015-08-28 5.0 CVE-2015-6266
CISCO
cisco — asr_1000_series_software The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273. 2015-09-02 5.0 CVE-2015-6274
CISCO
cisco — 1000v The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292. 2015-09-02 6.1 CVE-2015-6277
CISCO
documentcloud — navis_documentcloud Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. 2015-09-01 4.3 CVE-2015-2807
CONFIRM
MISC
FULLDISC
MISC
geddyjs — geddy Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. 2015-09-04 5.0 CVE-2015-5688
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
google — chrome The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements. 2015-09-03 6.4 CVE-2015-1291
CONFIRM
CONFIRM
CONFIRM
google — chrome The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. 2015-09-03 5.0 CVE-2015-1292
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. 2015-09-03 5.0 CVE-2015-1293
CONFIRM
CONFIRM
google — chrome The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages. 2015-09-03 5.0 CVE-2015-1296
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. 2015-09-03 4.3 CVE-2015-1298
CONFIRM
CONFIRM
CONFIRM
google — chrome The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. 2015-09-03 5.0 CVE-2015-1300
CONFIRM
CONFIRM
CONFIRM
google — chrome The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site. 2015-09-03 6.8 CVE-2015-6582
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app’s window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. 2015-09-03 4.3 CVE-2015-6583
CONFIRM
CONFIRM
CONFIRM
CONFIRM
innominate — mguard_firmware The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression. 2015-08-30 4.0 CVE-2015-3966
MISC
CONFIRM
linux — linux_kernel The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. 2015-08-31 4.9 CVE-2014-9728
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. 2015-08-31 4.9 CVE-2014-9729
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. 2015-08-31 4.9 CVE-2014-9730
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. 2015-08-31 4.9 CVE-2015-1333
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls. 2015-08-31 4.9 CVE-2015-3212
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. 2015-08-31 4.9 CVE-2015-4700
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. 2015-08-31 5.0 CVE-2015-5366
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. 2015-08-31 4.6 CVE-2015-5706
CONFIRM
CONFIRM
MLIST
CONFIRM
MISC
CONFIRM
linux — linux_kernel The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace. 2015-08-31 4.9 CVE-2015-6526
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mediawiki — mediawiki The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the “Change block” text. 2015-09-01 5.0 CVE-2013-7444
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
FEDORA
mediawiki — mediawiki The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the “Change block” text. 2015-09-01 5.0 CVE-2015-6727
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
FEDORA
mediawiki — mediawiki Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page. 2015-09-01 4.3 CVE-2015-6729
MLIST
MLIST
MLIST
FEDORA
mediawiki — mediawiki Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to “ForeignAPI images.” 2015-09-01 4.3 CVE-2015-6730
MLIST
MLIST
MLIST
FEDORA
mediawiki — mediawiki GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. 2015-09-01 5.0 CVE-2015-6733
CONFIRM
MLIST
MLIST
MLIST
FEDORA
mediawiki — mediawiki Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-09-01 4.3 CVE-2015-6734
CONFIRM
MLIST
MLIST
MLIST
FEDORA
mybb — mybb Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post. 2015-09-03 4.3 CVE-2015-4552
CONFIRM
MISC
octobercms — october Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image. 2015-09-04 4.3 CVE-2015-5612
CONFIRM
CONFIRM
MLIST
MLIST
ok_web_server_project — ok_web_server Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page. 2015-08-31 4.3 CVE-2014-3148
MISC
MISC
CONFIRM
MISC
openafs — openafs The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. 2015-09-02 4.0 CVE-2015-6587
CONFIRM
MLIST
CONFIRM
DEBIAN
pacemaker/corosync_configuration_system_project — pacemaker/corosync_configuration_system Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. 2015-09-03 4.9 CVE-2015-5189
CONFIRM
REDHAT
php_font_lib_project — php_font_lib Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. 2015-08-31 4.3 CVE-2014-2570
CONFIRM
CONFIRM
BID
BUGTRAQ
OSVDB
MISC
pligg — pligg_cms Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php. 2015-08-31 6.8 CVE-2015-6655
EXPLOIT-DB
qemu — qemu The pit_ioport_read function in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. 2015-08-31 6.9 CVE-2015-3214
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
quiz_project — quiz The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. 2015-09-01 5.0 CVE-2015-6736
MLIST
MLIST
MLIST
FEDORA
semanticforms_project — semanticforms Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:CreateForm or (5) target or (6) alt_form parameter to Special:FormEdit. 2015-09-01 4.3 CVE-2015-6731
CONFIRM
MLIST
MLIST
MLIST
FEDORA
semanticforms_project — semanticforms Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) “Template label (optional)” field in a form, or a (3) Field name in a template. 2015-09-01 4.3 CVE-2015-6732
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
FEDORA
siemens — compas The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2015-08-31 5.8 CVE-2015-5717
CONFIRM
softing — fg-x00_profibus_firmware Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. 2015-08-31 4.3 CVE-2014-6616
BID
BUGTRAQ
MISC
timedmediahandler_project — timedmediahandler The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode. 2015-09-01 5.0 CVE-2015-6735
CONFIRM
MLIST
MLIST
MLIST
FEDORA
webgroupmedia — cerb Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action. 2015-09-03 6.8 CVE-2015-6545
MISC
CONFIRM
BUGTRAQ
CONFIRM
widgets_project — widgets Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content. 2015-09-01 4.3 CVE-2015-6737
MLIST
MLIST
MLIST
FEDORA


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
basware — banking Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. 2015-08-31 2.1 CVE-2015-6746
MISC
FULLDISC
check_mk_project — check_mk Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors. 2015-08-31 3.5 CVE-2014-2329
BUGTRAQ
BUGTRAQ
fortinet — forticlient The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call. 2015-09-03 2.1 CVE-2015-4077
SECTRACK
CONFIRM
MISC
invisionpower — invision_power_board Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. 2015-09-04 3.5 CVE-2015-6810
EXPLOIT-DB
CONFIRM
levelten_interactive — spotlight Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. 2015-09-04 3.5 CVE-2015-6808
MISC
CONFIRM
linux — linux_kernel The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target’s name along with a trailing character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c. 2015-08-31 2.1 CVE-2014-9731
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI. 2015-08-31 2.1 CVE-2015-3291
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. 2015-08-31 2.1 CVE-2015-5697
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mass_contact_project — mass_contact Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the “administer mass contact” permission to inject arbitrary web script or HTML via a category label. 2015-09-04 2.1 CVE-2015-6807
MISC
CONFIRM
CONFIRM
medhabidotcom — mdc_private_message Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message. 2015-09-02 3.5 CVE-2015-6805
EXPLOIT-DB
path_breadcrumbs_project — path_breadcrumbs Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the “Administer Path Breadcrumbs” permission to inject arbitrary web script or HTML via unspecified vectors. 2015-08-31 2.1 CVE-2015-6754
MISC
CONFIRM
polycom — realpresence_cloudaxis_suite Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-09-03 3.5 CVE-2015-1516
MISC
quick_edit_project — quick_edit Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title. 2015-08-31 3.5 CVE-2015-6753
MISC
CONFIRM
search_api_autocomplete_project — search_api_autocomplete Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions. 2015-08-31 2.1 CVE-2015-6752
MISC
CONFIRM
time_tracker_project — time_tracker Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via (1) notes added to a time entry or (2) an activity used to categorize time tracker entries. 2015-08-31 3.5 CVE-2015-6751
MISC
CONFIRM
CONFIRM
type74 — ed Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits. 2015-08-28 2.6 CVE-2015-2987
CONFIRM
CONFIRM
JVNDB
JVN
xen — xen The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. 2015-09-03 2.1 CVE-2015-6654
CONFIRM
SECTRACK
youtube_embed_project — youtube_embed Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter). 2015-08-31 3.5 CVE-2015-6535
CONFIRM
BUGTRAQ
MISC



This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates

Original release date: September 03, 2015

Cisco has released security updates to address vulnerabilities in its Integrated Management Controller (IMC) Supervisor and the UCS Director (formerly known as Cloupia Unified Infrastructure Controller). Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Cisco Security Advisory, and apply the necessary updates.



Internet Systems Consortium (ISC) Releases Security Updates for BIND

Original release date: September 02, 2015

ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.7-P3
  • BIND 9 version 9.10.2-P4

Users and administrators are encouraged to review ISC Knowledge Base Articles AA-01291 and AA-01287 and apply the necessary updates.



Google Releases Security Update for Chrome

Original release date: September 01, 2015

Google has released Chrome version 45.0.2454.85 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.



SB15-243: Vulnerability Summary for the Week of August 24, 2015

Original release date: August 31, 2015

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
actiontec — _ncs01_firmware Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface. 2015-08-23 8.3 CVE-2015-2904
CERT-VN
adobe — air Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. 2015-08-24 10.0 CVE-2015-5566
CONFIRM
apache — tapestry Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data. 2015-08-22 7.8 CVE-2014-1972
CONFIRM
CONFIRM
JVNDB
JVN
apache — activemq The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames. 2015-08-24 7.5 CVE-2014-3612
BID
MLIST
REDHAT
REDHAT
CONFIRM
drupal — drupal SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. 2015-08-24 7.5 CVE-2015-6659
CONFIRM
f5 — big-ip_access_policy_manager Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets. 2015-08-24 7.8 CVE-2015-5058
CONFIRM
SECTRACK
hp — operations_manager_i Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors. 2015-08-22 10.0 CVE-2015-2137
HP
hp — hspa+_gobi_4g The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors. 2015-08-27 7.8 CVE-2015-5368
HP
hp — systems_insight_manager HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors. 2015-08-26 7.2 CVE-2015-5402
HP
HP
hp — systems_insight_manager HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. 2015-08-26 7.5 CVE-2015-5404
HP
HP
hp — centralview_credit_risk_control HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408. 2015-08-22 9.0 CVE-2015-5406
HP
hp — version_control_repository_manager Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. 2015-08-26 7.5 CVE-2015-5409
HP
hp — keyview Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. 2015-08-24 7.5 CVE-2015-5416
HP
hp — keyview Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876. 2015-08-24 7.5 CVE-2015-5417
HP
hp — keyview Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877. 2015-08-24 7.5 CVE-2015-5418
HP
hp — keyview Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. 2015-08-24 7.5 CVE-2015-5419
HP
hp — keyview Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. 2015-08-24 7.5 CVE-2015-5420
HP
hp — keyview Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881. 2015-08-24 7.5 CVE-2015-5421
HP
hp — keyview Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883. 2015-08-24 7.5 CVE-2015-5422
HP
hp — keyview Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884. 2015-08-24 7.5 CVE-2015-5423
HP
hp — keyview Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. 2015-08-24 7.5 CVE-2015-5424
HP
hp — matrix_operating_environment HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429. 2015-08-26 7.5 CVE-2015-5427
HP
hp — matrix_operating_environment HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429. 2015-08-26 7.5 CVE-2015-5428
HP
hp — matrix_operating_environment HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428. 2015-08-26 7.5 CVE-2015-5429
HP
hp — virtual_connect_enterprise_manager_sdk HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. 2015-08-26 7.5 CVE-2015-5432
HP
HP
ibm — systems_director IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors. 2015-08-23 7.2 CVE-2015-1992
CONFIRM
AIXAPAR
CONFIRM
libevent_project — libevent Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via “insanely large inputs” to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later. 2015-08-24 7.5 CVE-2014-6272
DEBIAN
MLIST
libevent_project — libevent Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via “insanely large inputs” to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) evbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. 2015-08-24 7.5 CVE-2015-6525
DEBIAN
MLIST
mobile_devices — c4_obd-ii_dongle_firmware ** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers’ installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. NOTE: the vendor states “This was a flaw for the developer/debugging devices (again not possible in production versions).” 2015-08-23 9.0 CVE-2015-2906
CONFIRM
CERT-VN
MISC
mobile_devices — c4_obd-ii_dongle_firmware ** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password. NOTE: the vendor states “This was a flaw for the developer/debugging devices (again not possible in production versions).” 2015-08-23 9.0 CVE-2015-2907
CONFIRM
CERT-VN
MISC
mobile_devices — c4_obd-ii_dongle_firmware ** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server. NOTE: the vendor states “This was a flaw for the developer/debugging devices, and was fixed in production version about 3 years ago.” 2015-08-23 9.0 CVE-2015-2908
CONFIRM
CERT-VN
MISC
openbsd — openssh sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. 2015-08-23 7.2 CVE-2015-6565
MLIST
CONFIRM
polarssl — polarssl Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. 2015-08-24 7.8 CVE-2014-8628
CONFIRM
CONFIRM
SUSE
polarssl — polarssl Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions. 2015-08-24 7.8 CVE-2014-9744
CONFIRM
SUSE
redhat — openshift Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors. 2015-08-24 8.5 CVE-2015-5222
REDHAT


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
actiontec — _ncs01_firmware Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users. 2015-08-23 6.8 CVE-2015-2905
CERT-VN
adobe — livecycle_data_services Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-08-24 5.0 CVE-2015-3269
CONFIRM
BUGTRAQ
apache — activemq The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. 2015-08-24 5.0 CVE-2015-6524
CONFIRM
apple — quicktime Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786. 2015-08-24 6.8 CVE-2015-5785
APPLE
CONFIRM
apple — quicktime Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785. 2015-08-24 6.8 CVE-2015-5786
APPLE
CONFIRM
chaos_tool_suite_project — ctools Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the “a” tag. 2015-08-24 4.3 CVE-2015-6665
CONFIRM
MISC
CONFIRM
cisco — asr_5000_series_software Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. 2015-08-22 5.0 CVE-2015-6256
CISCO
cisco — wireless_lan_controller_software The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. 2015-08-22 5.0 CVE-2015-6258
CISCO
cisco — telepresence_video_communication_server_software Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. 2015-08-26 4.0 CVE-2015-6261
CISCO
cisco — prime_infrastructure Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. 2015-08-24 6.8 CVE-2015-6262
CISCO
cisco — application_control_engine_4700 The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command’s input, aka Bug ID CSCur23662. 2015-08-26 4.3 CVE-2015-6265
CISCO
conntrack-tools_project — conntrack-tools conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet. 2015-08-24 5.0 CVE-2015-6496
CONFIRM
MLIST
MLIST
DEBIAN
CONFIRM
dell — sonicwall_netextender_firmware Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender with firmware before 7.5.1.2 and 8.x before 8.0.0.3 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. 2015-08-26 4.4 CVE-2015-4173
BUGTRAQ
MISC
djangoproject — django contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. 2015-08-24 5.0 CVE-2015-5963
MISC
UBUNTU
djangoproject — django The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors. 2015-08-24 5.0 CVE-2015-5964
MISC
UBUNTU
drupal — drupal Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files. 2015-08-24 4.3 CVE-2015-6658
CONFIRM
drupal — drupal The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user’s account via vectors related to “file upload value callbacks.” 2015-08-24 6.8 CVE-2015-6660
CONFIRM
drupal — drupal Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu. 2015-08-24 5.0 CVE-2015-6661
CONFIRM
gnu — glibc The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. 2015-08-26 5.1 CVE-2013-7424
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
REDHAT
gnu — gnutls Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. 2015-08-24 5.0 CVE-2015-6251
CONFIRM
CONFIRM
BID
MLIST
MLIST
CONFIRM
DEBIAN
hp — operations_manager_i Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. 2015-08-22 4.4 CVE-2015-2132
HP
hp — systems_insight_manager HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403. 2015-08-26 4.0 CVE-2015-2139
HP
HP
hp — systems_insight_manager HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. 2015-08-26 6.5 CVE-2015-2140
HP
HP
hp — hspa+_gobi_4g The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. 2015-08-27 6.9 CVE-2015-5367
HP
hp — systems_insight_manager HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139. 2015-08-26 4.0 CVE-2015-5403
HP
HP
hp — systems_insight_manager HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. 2015-08-26 6.5 CVE-2015-5405
HP
HP
hp — centralview_credit_risk_control HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408. 2015-08-22 6.0 CVE-2015-5407
HP
hp — centralview_credit_risk_control HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407. 2015-08-22 6.0 CVE-2015-5408
HP
hp — version_control_repository_manager HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. 2015-08-26 6.5 CVE-2015-5410
HP
hp — version_control_repository_manager HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. 2015-08-26 6.8 CVE-2015-5411
HP
hp — version_control_repository_manager Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. 2015-08-26 6.0 CVE-2015-5412
HP
hp — version_control_repository_manager HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. 2015-08-26 4.0 CVE-2015-5413
HP
hp — matrix_operating_environment HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. 2015-08-26 5.0 CVE-2015-5430
HP
hp — matrix_operating_environment HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. 2015-08-26 6.5 CVE-2015-5431
HP
hp — virtual_connect_enterprise_manager_sdk HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors. 2015-08-26 4.0 CVE-2015-5433
HP
HP
ibm — websphere_application_server IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header. 2015-08-22 5.0 CVE-2015-1932
CONFIRM
AIXAPAR
ibm — domino Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA. 2015-08-22 5.8 CVE-2015-2014
CONFIRM
ibm — domino Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN. 2015-08-22 4.3 CVE-2015-2015
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors. 2015-08-22 5.0 CVE-2015-4938
CONFIRM
AIXAPAR
ibm — tivoli_storage_fastback_for_microsoft_exchange The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name. 2015-08-23 4.0 CVE-2015-4950
CONFIRM
AIXAPAR
AIXAPAR
iodata — wn-g54/r2_firmware I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. 2015-08-22 5.0 CVE-2015-2984
CONFIRM
JVNDB
JVN
kernel — linux-pam The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. 2015-08-24 5.8 CVE-2015-3238
MISC
MISC
CONFIRM
MLIST
REDHAT
openbsd — openssh Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. 2015-08-23 6.9 CVE-2015-6564
CONFIRM
MLIST
CONFIRM
FULLDISC
openstack — neutron OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. 2015-08-26 4.0 CVE-2015-3221
CONFIRM
REDHAT
MLIST
php_kobo — photo_gallery_cms_free Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php. 2015-08-22 4.3 CVE-2015-2982
CONFIRM
JVNDB
JVN
php_kobo — photo_gallery_cms_free Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users. 2015-08-22 6.8 CVE-2015-2983
CONFIRM
JVNDB
JVN
picketlink — picketlink The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow. 2015-08-26 4.0 CVE-2015-3158
CONFIRM
CONFIRM
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
redhat — mod_cluster Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. 2015-08-24 4.3 CVE-2015-0298
CONFIRM
REDHAT
REDHAT
rubygems — rubygems RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a “DNS hijack attack.” NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900. 2015-08-25 4.3 CVE-2015-4020
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
sap — netweaver XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. 2015-08-24 6.8 CVE-2015-6662
MISC
sap — afaria Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669. 2015-08-24 4.3 CVE-2015-6663
MISC
sap — mobile_platform XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227. 2015-08-24 6.8 CVE-2015-6664
MISC
sgi — xfsprogs xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. 2015-08-25 5.0 CVE-2012-2150
CONFIRM
MLIST
MLIST
MLIST
SUSE
FEDORA
FEDORA
FEDORA
trend_micro — deep_discovery_inspector Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature. 2015-08-23 4.3 CVE-2015-2872
CERT-VN
CONFIRM
trend_micro — deep_discovery_inspector Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL. 2015-08-23 5.5 CVE-2015-2873
CERT-VN
CONFIRM
videolan — vlc_media_player VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. 2015-08-25 6.8 CVE-2015-5949
MISC
CONFIRM
BUGTRAQ
MLIST
MLIST
DEBIAN
MISC
wireshark — wireshark The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24 4.3 CVE-2015-6241
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. 2015-08-24 4.3 CVE-2015-6242
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. 2015-08-24 4.3 CVE-2015-6243
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24 4.3 CVE-2015-6244
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-08-24 4.3 CVE-2015-6245
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24 4.3 CVE-2015-6246
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-08-24 4.3 CVE-2015-6247
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24 4.3 CVE-2015-6248
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24 4.3 CVE-2015-6249
CONFIRM
CONFIRM
CONFIRM
zend — zend_framework The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. 2015-08-25 6.8 CVE-2015-5161
EXPLOIT-DB
BID
DEBIAN
FULLDISC
MISC
FEDORA
MISC
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cisco — prime_infrastructure Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958. 2015-08-22 3.5 CVE-2015-4331
CISCO
emc — documentum_d2 Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive. 2015-08-22 3.5 CVE-2015-4537
BUGTRAQ
ibm — integration_bus IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors. 2015-08-23 3.5 CVE-2015-2018
CONFIRM
AIXAPAR
ibm — tivoli_storage_flashcopy_manager IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557. 2015-08-22 2.1 CVE-2015-4949
CONFIRM
AIXAPAR
ibm — tivoli_storage_flashcopy_manager IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949. 2015-08-22 2.1 CVE-2015-6557
CONFIRM
AIXAPAR
libunwind_project — libunwind Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. 2015-08-26 3.3 CVE-2015-3239
CONFIRM
REDHAT
CONFIRM
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in the “set configuration” box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986. 2015-08-24 3.5 CVE-2014-8987
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
openbsd — openssh The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. 2015-08-23 1.9 CVE-2015-6563
CONFIRM
MLIST
CONFIRM
FULLDISC
qemu — qemu The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. 2015-08-26 1.9 CVE-2015-4037
CONFIRM
MLIST
MLIST
MLIST
DEBIAN
DEBIAN



This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Update for ColdFusion

Original release date: August 28, 2015

Adobe has released a security update for ColdFusion to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system.

Users and administrators are encouraged to review the Adobe Security Bulletin APSB15-21 and apply the necessary update.



Mozilla Releases Security Updates for Firefox

Original release date: August 27, 2015

The Mozilla Foundation has released security updates to address a critical vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 40.0.3
  • Firefox ESR 38.2.1

US-CERT encourages users and administrators to review the Security Advisories for Firefox and Firefox ESR and apply the necessary updates.

