Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

SB15-257: Vulnerability Summary for the Week of September 7, 2015

September 14, 2015 007admin Leave a comment

Original release date: September 14, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — shockwave_player	Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6681.	2015-09-08	10.0	CVE-2015-6680 CONFIRM
adobe — shockwave_player	Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6680.	2015-09-08	10.0	CVE-2015-6681 CONFIRM
ffmpeg — ffmpeg	The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.	2015-09-05	7.5	CVE-2015-6818 CONFIRM
ffmpeg — ffmpeg	Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.	2015-09-05	7.5	CVE-2015-6819 CONFIRM
ffmpeg — ffmpeg	The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.	2015-09-05	7.5	CVE-2015-6820 CONFIRM
ffmpeg — ffmpeg	The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.	2015-09-05	7.5	CVE-2015-6821 CONFIRM
ffmpeg — ffmpeg	The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.	2015-09-05	7.5	CVE-2015-6822 CONFIRM
ffmpeg — ffmpeg	The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.	2015-09-05	7.5	CVE-2015-6823 CONFIRM
ffmpeg — ffmpeg	The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.	2015-09-05	7.5	CVE-2015-6824 CONFIRM
ffmpeg — ffmpeg	The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.	2015-09-05	7.5	CVE-2015-6825 CONFIRM
ffmpeg — ffmpeg	The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.	2015-09-05	7.5	CVE-2015-6826 CONFIRM
isc — bind	buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.	2015-09-04	7.8	CVE-2015-5722 CONFIRM
isc — bind	openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.	2015-09-04	7.1	CVE-2015-5986 CONFIRM
libvdpau_project — libvdpau	libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.	2015-09-08	7.2	CVE-2015-5198 CONFIRM UBUNTU MLIST
libvdpau_project — libvdpau	Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.	2015-09-08	7.2	CVE-2015-5199 CONFIRM UBUNTU MLIST
microsoft — edge	Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2491 and CVE-2015-2541.	2015-09-08	9.3	CVE-2015-2485 MS MS
microsoft — edge	Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.	2015-09-08	9.3	CVE-2015-2486 MS MS
microsoft — internet_explorer	Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.	2015-09-08	9.3	CVE-2015-2487 MS
microsoft — internet_explorer	Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.	2015-09-08	9.3	CVE-2015-2490 MS
microsoft — internet_explorer	Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2485 and CVE-2015-2541.	2015-09-08	9.3	CVE-2015-2491 MS
microsoft — internet_explorer	Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.	2015-09-08	9.3	CVE-2015-2492 MS
microsoft — internet_explorer	The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.”	2015-09-08	9.3	CVE-2015-2493 MS
microsoft — edge	Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2498, and CVE-2015-2499.	2015-09-08	9.3	CVE-2015-2494 MS MS
microsoft — internet_explorer	Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2499.	2015-09-08	9.3	CVE-2015-2498 MS
microsoft — internet_explorer	Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2498.	2015-09-08	9.3	CVE-2015-2499 MS
microsoft — internet_explorer	Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability.”	2015-09-08	9.3	CVE-2015-2500 MS
microsoft — internet_explorer	Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability.”	2015-09-08	9.3	CVE-2015-2501 MS
microsoft — .net_framework	Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka “.NET Elevation of Privilege Vulnerability.”	2015-09-08	9.3	CVE-2015-2504 MS
microsoft — windows_10	atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.”	2015-09-08	9.3	CVE-2015-2506 MS
microsoft — windows_10	The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Font Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2512.	2015-09-08	7.2	CVE-2015-2507 MS
microsoft — windows_10	The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka “Font Driver Elevation of Privilege Vulnerability.”	2015-09-08	7.2	CVE-2015-2508 MS
microsoft — windows_7	Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka “Windows Media Center RCE Vulnerability.”	2015-09-08	9.3	CVE-2015-2509 MS
microsoft — live_meeting_console	Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “Graphics Component Buffer Overflow Vulnerability.”	2015-09-08	9.3	CVE-2015-2510 MS
microsoft — windows_10	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2517, CVE-2015-2518, and CVE-2015-2546.	2015-09-08	7.2	CVE-2015-2511 MS
microsoft — windows_10	The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Font Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2507.	2015-09-08	7.2	CVE-2015-2512 MS
microsoft — windows_10	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka “Windows Journal RCE Vulnerability,” a different vulnerability than CVE-2015-2514 and CVE-2015-2530.	2015-09-08	9.3	CVE-2015-2513 MS
microsoft — windows_10	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka “Windows Journal RCE Vulnerability,” a different vulnerability than CVE-2015-2513 and CVE-2015-2530.	2015-09-08	9.3	CVE-2015-2514 MS
microsoft — windows_10	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2511, CVE-2015-2518, and CVE-2015-2546.	2015-09-08	7.2	CVE-2015-2517 MS
microsoft — windows_10	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2546.	2015-09-08	7.2	CVE-2015-2518 MS
microsoft — windows_10	Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka “Windows Journal Integer Overflow RCE Vulnerability.”	2015-09-08	9.3	CVE-2015-2519 MS
microsoft — excel	Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2015-09-08	9.3	CVE-2015-2520 MS
microsoft — excel	Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2015-09-08	9.3	CVE-2015-2521 MS
microsoft — excel	Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2015-09-08	9.3	CVE-2015-2523 MS
microsoft — windows_10	Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka “Windows Task Management Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2528.	2015-09-08	7.2	CVE-2015-2524 MS
microsoft — windows_10	Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restrictions and delete arbitrary files via unspecified vectors, aka “Windows Task File Deletion Elevation of Privilege Vulnerability.”	2015-09-08	7.2	CVE-2015-2525 MS
microsoft — windows_10	The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.”	2015-09-08	7.2	CVE-2015-2527 MS
microsoft — windows_10	Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka “Windows Task Management Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2524.	2015-09-08	7.2	CVE-2015-2528 MS
microsoft — windows_10	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka “Windows Journal RCE Vulnerability,” a different vulnerability than CVE-2015-2513 and CVE-2015-2514.	2015-09-08	9.3	CVE-2015-2530 MS
microsoft — internet_explorer	Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2485 and CVE-2015-2491.	2015-09-08	9.3	CVE-2015-2541 MS
microsoft — edge	Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability.”	2015-09-08	9.3	CVE-2015-2542 MS MS
microsoft — office	Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka “Microsoft Office Malformed EPS File Vulnerability.”	2015-09-08	9.3	CVE-2015-2545 MS
microsoft — windows_10	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.	2015-09-08	7.2	CVE-2015-2546 MS

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
cisco — telepresence_system_software_ix	Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501.	2015-09-04	5.0	CVE-2015-6276 CISCO
freebit — elphonebtnv6_activex_control	Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued “Click to Live” service.	2015-09-07	6.8	CVE-2015-5624 JVNDB JVN
guide-park — bbs_x102	Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-09-05	4.3	CVE-2015-2985 JVNDB JVN
lemon-s_php — twit_bbs	Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter.	2015-09-07	4.3	CVE-2015-2989 JVNDB JVN
libvdpau_project — libvdpau	The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.	2015-09-08	6.3	CVE-2015-5200 CONFIRM UBUNTU MLIST
microsoft — internet_explorer	Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Information Disclosure Vulnerability.”	2015-09-08	5.0	CVE-2015-2483 MS
microsoft — internet_explorer	Microsoft Internet Explorer 10 and 11 uses an incorrect flag during certain filesystem accesses, which allows remote attackers to delete arbitrary files via unspecified vectors, aka “Tampering Vulnerability.”	2015-09-08	6.4	CVE-2015-2484 MS
microsoft — internet_explorer	Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka “Elevation of Privilege Vulnerability.”	2015-09-08	4.3	CVE-2015-2489 MS
microsoft — exchange_server	Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka “Exchange Information Disclosure Vulnerability.”	2015-09-08	5.0	CVE-2015-2505 MS
microsoft — windows_10	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (data loss) via a crafted .jnt file, aka “Windows Journal DoS Vulnerability.”	2015-09-08	4.3	CVE-2015-2516 MS
microsoft — .net_framework	Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka “MVC Denial of Service Vulnerability.”	2015-09-08	5.0	CVE-2015-2526 MS
microsoft — lync_server	Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability.”	2015-09-08	4.3	CVE-2015-2531 MS
microsoft — lync_server	Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “Lync Server XSS Information Disclosure Vulnerability.”	2015-09-08	4.3	CVE-2015-2532 MS
microsoft — windows_server_2008	Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka “Active Directory Denial of Service Vulnerability.”	2015-09-08	4.0	CVE-2015-2535 MS
microsoft — lync_server	Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability.”	2015-09-08	4.3	CVE-2015-2536 MS
microsoft — exchange_server	Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka “Exchange Spoofing Vulnerability.”	2015-09-08	4.3	CVE-2015-2543 MS
microsoft — exchange_server	Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka “Exchange Spoofing Vulnerability.”	2015-09-08	4.3	CVE-2015-2544 MS
neojapan — desknet_neo	Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter.	2015-09-04	4.0	CVE-2015-2990 CONFIRM JVNDB JVN
nscripter_project — nscripter	Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data.	2015-09-04	6.8	CVE-2015-2991 CONFIRM JVNDB JVN
opendocman — opendocman	Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.	2015-09-07	4.3	CVE-2015-5625 JVNDB JVN
openstack — compute	OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.	2015-09-08	6.8	CVE-2015-3241 CONFIRM REDHAT
rakuto — rktsns2	Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-09-05	4.3	CVE-2015-2986 JVNDB JVN
redhat — openshift_origin	The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.	2015-09-08	4.0	CVE-2015-5250 CONFIRM CONFIRM REDHAT
spice_project — spice	Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.	2015-09-08	6.9	CVE-2015-3247 SECTRACK REDHAT REDHAT REDHAT

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
microsoft — sharepoint_foundation	Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka “Microsoft SharePoint XSS Spoofing Vulnerability.”	2015-09-08	3.5	CVE-2015-2522 MS
microsoft — windows_10	The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka “Kernel ASLR Bypass Vulnerability.”	2015-09-08	2.1	CVE-2015-2529 MS
microsoft — windows_10	Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka “Hyper-V Security Feature Bypass Vulnerability.”	2015-09-08	1.9	CVE-2015-2534 MS
redhat — enterprise_virtualization	The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.	2015-09-08	3.7	CVE-2015-1841 SECTRACK REDHAT

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Microsoft Releases September 2015 Security Bulletin

September 8, 2015 007admin Leave a comment

Original release date: September 08, 2015

Microsoft has released 12 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-094 through MS15-105 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Adobe Releases Security Update for Shockwave Player

September 8, 2015 007admin Leave a comment

Original release date: September 08, 2015

Adobe has released a security update to address vulnerabilities in Shockwave Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-22 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

SB15-250: Vulnerability Summary for the Week of August 31, 2015

September 7, 2015 007admin Leave a comment

Original release date: September 07, 2015

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
call-cc — chicken	Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the “substring-index[-ci] procedures.”	2015-08-28	7.5	CVE-2014-9651 MLIST MLIST
check_mk_project — check_mk	Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.	2015-08-31	8.5	CVE-2014-2331 BUGTRAQ BUGTRAQ
cisco — integrated_management_controller_supervisor	The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.	2015-09-03	9.4	CVE-2015-6259 CISCO
cisco — ios_xe	Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.	2015-08-28	7.8	CVE-2015-6267 CISCO
cisco — ios_xe	Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.	2015-08-28	7.8	CVE-2015-6268 CISCO
cisco — ios_xe	Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.	2015-08-31	7.8	CVE-2015-6269 CISCO
cisco — ios_xe	Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.	2015-08-31	7.8	CVE-2015-6270 CISCO
cisco — ios_xe	Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta77008.	2015-08-31	7.8	CVE-2015-6271 CISCO
cisco — ios_xe	Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07094, and CSCsw93064.	2015-08-31	7.8	CVE-2015-6272 CISCO
cisco — ios_xe	Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.	2015-08-28	7.8	CVE-2015-6273 CISCO
cyberoam — cr500ing-xp	SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.	2015-09-04	7.5	CVE-2015-6811 EXPLOIT-DB MISC
emc — atmos	The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	2015-09-03	7.5	CVE-2015-4538 BUGTRAQ
emc — documentum_content_server	EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.	2015-09-03	9.0	CVE-2015-4544 BUGTRAQ
fortinet — forticlient	The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allows local users to write to arbitrary memory locations via a 0x226108 ioctl call.	2015-09-03	7.2	CVE-2015-5735 SECTRACK CONFIRM MISC
fortinet — forticlient	The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.	2015-09-03	7.2	CVE-2015-5736 SECTRACK CONFIRM MISC
fortinet — forticlient	The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.	2015-09-03	7.2	CVE-2015-5737 SECTRACK CONFIRM MISC
gnu — gnutls	Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.	2015-09-02	7.5	CVE-2015-3308 CONFIRM CONFIRM UBUNTU MLIST MLIST
google — chrome	Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.	2015-09-03	7.5	CVE-2015-1294 CONFIRM CONFIRM CONFIRM
google — chrome	Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.	2015-09-03	7.5	CVE-2015-1295 CONFIRM CONFIRM CONFIRM
google — chrome	The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request’s source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.	2015-09-03	7.5	CVE-2015-1297 CONFIRM CONFIRM CONFIRM
google — chrome	Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp.	2015-09-03	7.5	CVE-2015-1299 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
google — chrome	Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.	2015-09-03	7.5	CVE-2015-1301 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
google — chrome	Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.	2015-09-03	7.5	CVE-2015-6580 CONFIRM
google — chrome	Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.	2015-09-03	7.5	CVE-2015-6581 CONFIRM CONFIRM CONFIRM CONFIRM
gsm — sim_card_editor	Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.	2015-08-28	10.0	CVE-2015-1171 MISC MISC MISC
hp — intelligent_provisioning	Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors.	2015-08-31	10.0	CVE-2015-2135 HP
invisionpower — invision_power_board	Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.	2015-09-04	7.8	CVE-2015-6812 CONFIRM
ippusbxd_project — ippusbxd	IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request.	2015-09-01	7.5	CVE-2015-6520 CONFIRM CONFIRM UBUNTU MLIST MLIST
linux — linux_kernel	arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.	2015-08-31	7.2	CVE-2015-3290 CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM
linux — linux_kernel	Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.	2015-08-31	7.2	CVE-2015-4036 CONFIRM CONFIRM MLIST CONFIRM
linux — linux_kernel	arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.	2015-08-31	7.2	CVE-2015-5157 CONFIRM MLIST CONFIRM CONFIRM
linux — linux_kernel	The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.	2015-08-31	7.8	CVE-2015-5364 MISC CONFIRM CONFIRM MLIST CONFIRM CONFIRM
mediawiki — mediawiki	The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.	2015-09-01	7.5	CVE-2015-6728 MLIST MLIST MLIST FEDORA
mozilla — firefox	Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.	2015-08-29	10.0	CVE-2015-4497 CONFIRM CONFIRM CONFIRM
mozilla — firefox	The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.	2015-08-29	7.5	CVE-2015-4498 CONFIRM CONFIRM
netsweeper — netsweeper	WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ‘ (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.	2015-09-04	9.4	CVE-2014-9605 CONFIRM CONFIRM CONFIRM EXPLOIT-DB
pacemaker/corosync_configuration_system_project — pacemaker/corosync_configuration_system	The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via “escape characters” in a URL.	2015-09-03	8.5	CVE-2015-5190 CONFIRM REDHAT
ricoh — dl-1_sr10	Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command.	2015-08-31	7.5	CVE-2015-6750 MISC
siemens — simatic_s7_1200_cpu	Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.	2015-08-30	7.5	CVE-2015-5698 MISC CONFIRM
tibco — messaging_appliance	Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.	2015-08-30	7.5	CVE-2015-4555 CONFIRM CONFIRM

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
basware — banking	Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream.	2015-08-31	5.8	CVE-2015-0943 MISC FULLDISC
basware — banking	Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.	2015-08-31	6.5	CVE-2015-6742 MISC FULLDISC
basware — banking	Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.	2015-08-31	6.5	CVE-2015-6743 MISC FULLDISC
basware — banking	Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to “disrupt security-critical functions” by “dropping network traffic.” NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions.	2015-08-31	4.3	CVE-2015-6744 MISC FULLDISC
basware — banking	Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744.	2015-08-31	4.6	CVE-2015-6745 MISC FULLDISC
basware — banking	Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6746.	2015-08-31	5.0	CVE-2015-6747 MISC FULLDISC
bedita — bedita	Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.	2015-09-04	4.3	CVE-2015-6809 CONFIRM EXPLOIT-DB CONFIRM
bestpractical — request_tracker	Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.	2015-09-03	4.3	CVE-2015-6506 CONFIRM CONFIRM CONFIRM DEBIAN
check_mk_project — check_mk	Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.	2015-08-31	6.8	CVE-2014-2330 BID BUGTRAQ CONFIRM
check_mk_project — check_mk	Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to “Insecure Direct Object References.” NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.	2015-08-31	5.5	CVE-2014-2332 BUGTRAQ BUGTRAQ
cisco — telepresence_video_communication_server_software	A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.	2015-09-02	6.9	CVE-2015-4330 CISCO
cisco — identity_services_engine_software	The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.	2015-08-28	5.0	CVE-2015-6266 CISCO
cisco — asr_1000_series_software	The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.	2015-09-02	5.0	CVE-2015-6274 CISCO
cisco — 1000v	The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.	2015-09-02	6.1	CVE-2015-6277 CISCO
documentcloud — navis_documentcloud	Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.	2015-09-01	4.3	CVE-2015-2807 CONFIRM MISC FULLDISC MISC
geddyjs — geddy	Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.	2015-09-04	5.0	CVE-2015-5688 CONFIRM CONFIRM MISC CONFIRM CONFIRM
google — chrome	The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements.	2015-09-03	6.4	CVE-2015-1291 CONFIRM CONFIRM CONFIRM
google — chrome	The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.	2015-09-03	5.0	CVE-2015-1292 CONFIRM CONFIRM CONFIRM CONFIRM
google — chrome	The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.	2015-09-03	5.0	CVE-2015-1293 CONFIRM CONFIRM
google — chrome	The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.	2015-09-03	5.0	CVE-2015-1296 CONFIRM CONFIRM CONFIRM CONFIRM
google — chrome	The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled.	2015-09-03	4.3	CVE-2015-1298 CONFIRM CONFIRM CONFIRM
google — chrome	The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.	2015-09-03	5.0	CVE-2015-1300 CONFIRM CONFIRM CONFIRM
google — chrome	The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site.	2015-09-03	6.8	CVE-2015-6582 CONFIRM CONFIRM CONFIRM CONFIRM
google — chrome	Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app’s window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc.	2015-09-03	4.3	CVE-2015-6583 CONFIRM CONFIRM CONFIRM CONFIRM
innominate — mguard_firmware	The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.	2015-08-30	4.0	CVE-2015-3966 MISC CONFIRM
linux — linux_kernel	The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.	2015-08-31	4.9	CVE-2014-9728 CONFIRM CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM CONFIRM
linux — linux_kernel	The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.	2015-08-31	4.9	CVE-2014-9729 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux — linux_kernel	The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.	2015-08-31	4.9	CVE-2014-9730 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux — linux_kernel	Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.	2015-08-31	4.9	CVE-2015-1333 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux — linux_kernel	Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.	2015-08-31	4.9	CVE-2015-3212 CONFIRM CONFIRM CONFIRM CONFIRM
linux — linux_kernel	The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.	2015-08-31	4.9	CVE-2015-4700 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux — linux_kernel	The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.	2015-08-31	5.0	CVE-2015-5366 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux — linux_kernel	Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation.	2015-08-31	4.6	CVE-2015-5706 CONFIRM CONFIRM MLIST CONFIRM MISC CONFIRM
linux — linux_kernel	The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.	2015-08-31	4.9	CVE-2015-6526 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
mediawiki — mediawiki	The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the “Change block” text.	2015-09-01	5.0	CVE-2013-7444 CONFIRM MLIST CONFIRM MLIST MLIST FEDORA
mediawiki — mediawiki	The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the “Change block” text.	2015-09-01	5.0	CVE-2015-6727 CONFIRM MLIST CONFIRM MLIST MLIST FEDORA
mediawiki — mediawiki	Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.	2015-09-01	4.3	CVE-2015-6729 MLIST MLIST MLIST FEDORA
mediawiki — mediawiki	Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to “ForeignAPI images.”	2015-09-01	4.3	CVE-2015-6730 MLIST MLIST MLIST FEDORA
mediawiki — mediawiki	GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.	2015-09-01	5.0	CVE-2015-6733 CONFIRM MLIST MLIST MLIST FEDORA
mediawiki — mediawiki	Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-09-01	4.3	CVE-2015-6734 CONFIRM MLIST MLIST MLIST FEDORA
mybb — mybb	Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.	2015-09-03	4.3	CVE-2015-4552 CONFIRM MISC
octobercms — october	Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.	2015-09-04	4.3	CVE-2015-5612 CONFIRM CONFIRM MLIST MLIST
ok_web_server_project — ok_web_server	Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page.	2015-08-31	4.3	CVE-2014-3148 MISC MISC CONFIRM MISC
openafs — openafs	The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.	2015-09-02	4.0	CVE-2015-6587 CONFIRM MLIST CONFIRM DEBIAN
pacemaker/corosync_configuration_system_project — pacemaker/corosync_configuration_system	Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.	2015-09-03	4.9	CVE-2015-5189 CONFIRM REDHAT
php_font_lib_project — php_font_lib	Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.	2015-08-31	4.3	CVE-2014-2570 CONFIRM CONFIRM BID BUGTRAQ OSVDB MISC
pligg — pligg_cms	Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.	2015-08-31	6.8	CVE-2015-6655 EXPLOIT-DB
qemu — qemu	The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.	2015-08-31	6.9	CVE-2015-3214 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
quiz_project — quiz	The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.	2015-09-01	5.0	CVE-2015-6736 MLIST MLIST MLIST FEDORA
semanticforms_project — semanticforms	Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_, (2) template_, (3) label_*, or (4) new_template parameter to Special:CreateForm or (5) target or (6) alt_form parameter to Special:FormEdit.	2015-09-01	4.3	CVE-2015-6731 CONFIRM MLIST MLIST MLIST FEDORA
semanticforms_project — semanticforms	Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) “Template label (optional)” field in a form, or a (3) Field name in a template.	2015-09-01	4.3	CVE-2015-6732 CONFIRM CONFIRM CONFIRM MLIST MLIST MLIST FEDORA
siemens — compas	The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2015-08-31	5.8	CVE-2015-5717 CONFIRM
softing — fg-x00_profibus_firmware	Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/.	2015-08-31	4.3	CVE-2014-6616 BID BUGTRAQ MISC
timedmediahandler_project — timedmediahandler	The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.	2015-09-01	5.0	CVE-2015-6735 CONFIRM MLIST MLIST MLIST FEDORA
webgroupmedia — cerb	Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.	2015-09-03	6.8	CVE-2015-6545 MISC CONFIRM BUGTRAQ CONFIRM
widgets_project — widgets	Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.	2015-09-01	4.3	CVE-2015-6737 MLIST MLIST MLIST FEDORA

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
basware — banking	Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types.	2015-08-31	2.1	CVE-2015-6746 MISC FULLDISC
check_mk_project — check_mk	Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors.	2015-08-31	3.5	CVE-2014-2329 BUGTRAQ BUGTRAQ
fortinet — forticlient	The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allows local users to read arbitrary kernel memory via a 0x22608C ioctl call.	2015-09-03	2.1	CVE-2015-4077 SECTRACK CONFIRM MISC
invisionpower — invision_power_board	Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.	2015-09-04	3.5	CVE-2015-6810 EXPLOIT-DB CONFIRM
levelten_interactive — spotlight	Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.	2015-09-04	3.5	CVE-2015-6808 MISC CONFIRM
linux — linux_kernel	The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target’s name along with a trailing character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.	2015-08-31	2.1	CVE-2014-9731 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux — linux_kernel	arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.	2015-08-31	2.1	CVE-2015-3291 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux — linux_kernel	The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.	2015-08-31	2.1	CVE-2015-5697 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
mass_contact_project — mass_contact	Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the “administer mass contact” permission to inject arbitrary web script or HTML via a category label.	2015-09-04	2.1	CVE-2015-6807 MISC CONFIRM CONFIRM
medhabidotcom — mdc_private_message	Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.	2015-09-02	3.5	CVE-2015-6805 EXPLOIT-DB
path_breadcrumbs_project — path_breadcrumbs	Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the “Administer Path Breadcrumbs” permission to inject arbitrary web script or HTML via unspecified vectors.	2015-08-31	2.1	CVE-2015-6754 MISC CONFIRM
polycom — realpresence_cloudaxis_suite	Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	2015-09-03	3.5	CVE-2015-1516 MISC
quick_edit_project — quick_edit	Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title.	2015-08-31	3.5	CVE-2015-6753 MISC CONFIRM
search_api_autocomplete_project — search_api_autocomplete	Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions.	2015-08-31	2.1	CVE-2015-6752 MISC CONFIRM
time_tracker_project — time_tracker	Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) notes added to a time entry or (2) activity used to categorize time tracker entries.	2015-08-31	3.5	CVE-2015-6751 MISC CONFIRM CONFIRM
type74 — ed	Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.	2015-08-28	2.6	CVE-2015-2987 CONFIRM CONFIRM JVNDB JVN
xen — xen	The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest.	2015-09-03	2.1	CVE-2015-6654 CONFIRM SECTRACK
youtube_embed_project — youtube_embed	Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter).	2015-08-31	3.5	CVE-2015-6535 CONFIRM BUGTRAQ MISC

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Cisco Releases Security Updates

September 3, 2015 007admin Leave a comment

Original release date: September 03, 2015

Cisco has released security updates to address vulnerabilities in its Integrated Management Controller (IMC) Supervisor, and the UCS Director (formally known as Cloupia Unified Infrastructure Controller). Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Cisco Security Advisory, and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Internet Systems Consortium (ISC) Releases Security Updates for BIND

September 2, 2015 007admin Leave a comment

Original release date: September 02, 2015

ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

BIND 9 version 9.9.7-P3
BIND 9 version 9.10.2-P4

Users and administrators are encouraged to review ISC Knowledge Base Articles AA-01291 and AA-01287 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Google Releases Security Update for Chrome

September 1, 2015 007admin Leave a comment

Original release date: September 01, 2015

Google has released Chrome version 45.0.2454.85 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

SB15-243: Vulnerability Summary for the Week of August 24, 2015

August 31, 2015 007admin Leave a comment

Original release date: August 31, 2015

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
actiontec — _ncs01_firmware	Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface.	2015-08-23	8.3	CVE-2015-2904 CERT-VN
adobe — air	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.	2015-08-24	10.0	CVE-2015-5566 CONFIRM
apache — tapestry	Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.	2015-08-22	7.8	CVE-2014-1972 CONFIRM CONFIRM JVNDB JVN
apache — activemq	The LDAPLoginModule implementation the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.	2015-08-24	7.5	CVE-2014-3612 BID MLIST REDHAT REDHAT CONFIRM
drupal — drupal	SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.	2015-08-24	7.5	CVE-2015-6659 CONFIRM
f5 — big-ip_access_policy_manager	Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets.	2015-08-24	7.8	CVE-2015-5058 CONFIRM SECTRACK
hp — operations_manager_i	Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.	2015-08-22	10.0	CVE-2015-2137 HP
hp — hspa+_gobi_4g	The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.	2015-08-27	7.8	CVE-2015-5368 HP
hp — systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors.	2015-08-26	7.2	CVE-2015-5402 HP HP
hp — systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.	2015-08-26	7.5	CVE-2015-5404 HP HP
hp — centralview_credit_risk_control	HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408.	2015-08-22	9.0	CVE-2015-5406 HP
hp — version_control_repository_manager	Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.	2015-08-26	7.5	CVE-2015-5409 HP
hp — keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.	2015-08-24	7.5	CVE-2015-5416 HP
hp — keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.	2015-08-24	7.5	CVE-2015-5417 HP
hp — keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.	2015-08-24	7.5	CVE-2015-5418 HP
hp — keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.	2015-08-24	7.5	CVE-2015-5419 HP
hp — keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.	2015-08-24	7.5	CVE-2015-5420 HP
hp — keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.	2015-08-24	7.5	CVE-2015-5421 HP
hp — keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.	2015-08-24	7.5	CVE-2015-5422 HP
hp — keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.	2015-08-24	7.5	CVE-2015-5423 HP
hp — keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.	2015-08-24	7.5	CVE-2015-5424 HP
hp — matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.	2015-08-26	7.5	CVE-2015-5427 HP
hp — matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.	2015-08-26	7.5	CVE-2015-5428 HP
hp — matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.	2015-08-26	7.5	CVE-2015-5429 HP
hp — virtual_connect_enterprise_manager_sdk	HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.	2015-08-26	7.5	CVE-2015-5432 HP HP
ibm — systems_director	IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors.	2015-08-23	7.2	CVE-2015-1992 CONFIRM AIXAPAR CONFIRM
libevent_project — libevent	Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via “insanely large inputs” to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.	2015-08-24	7.5	CVE-2014-6272 DEBIAN MLIST
libevent_project — libevent	Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via “insanely large inputs” to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.	2015-08-24	7.5	CVE-2015-6525 DEBIAN MLIST
mobile_devices — c4_obd-ii_dongle_firmware	DISPUTED Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers’ installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. NOTE: the vendor states “This was a flaw for the developer/debugging devices (again not possible in production versions).”	2015-08-23	9.0	CVE-2015-2906 CONFIRM CERT-VN MISC
mobile_devices — c4_obd-ii_dongle_firmware	DISPUTED Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password. NOTE: the vendor states “This was a flaw for the developer/debugging devices (again not possible in production versions).”	2015-08-23	9.0	CVE-2015-2907 CONFIRM CERT-VN MISC
mobile_devices — c4_obd-ii_dongle_firmware	DISPUTED Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server. NOTE: the vendor states “This was a flaw for the developer/debugging devices, and was fixed in production version about 3 years ago.”	2015-08-23	9.0	CVE-2015-2908 CONFIRM CERT-VN MISC
openbsd — openssh	sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.	2015-08-23	7.2	CVE-2015-6565 MLIST CONFIRM
polarssl — polarssl	Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.	2015-08-24	7.8	CVE-2014-8628 CONFIRM CONFIRM SUSE
polarssl — polarssl	Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.	2015-08-24	7.8	CVE-2014-9744 CONFIRM SUSE
redhat — openshift	Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.	2015-08-24	8.5	CVE-2015-5222 REDHAT

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
actiontec — _ncs01_firmware	Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users.	2015-08-23	6.8	CVE-2015-2905 CERT-VN
adobe — livecycle_data_services	Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	2015-08-24	5.0	CVE-2015-3269 CONFIRM BUGTRAQ
apache — activemq	The LDAPLoginModule implementation the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.	2015-08-24	5.0	CVE-2015-6524 CONFIRM
apple — quicktime	Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786.	2015-08-24	6.8	CVE-2015-5785 APPLE CONFIRM
apple — quicktime	Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.	2015-08-24	6.8	CVE-2015-5786 APPLE CONFIRM
chaos_tool_suite_project — ctools	Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the “a” tag.	2015-08-24	4.3	CVE-2015-6665 CONFIRM MISC CONFIRM
cisco — asr_5000_series_software	Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820.	2015-08-22	5.0	CVE-2015-6256 CISCO
cisco — wireless_lan_controller_software	The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.	2015-08-22	5.0	CVE-2015-6258 CISCO
cisco — telepresence_video_communication_server_software	Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.	2015-08-26	4.0	CVE-2015-6261 CISCO
cisco — prime_infrastructure	Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.	2015-08-24	6.8	CVE-2015-6262 CISCO
cisco — application_control_engine_4700	The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command’s input, aka Bug ID CSCur23662.	2015-08-26	4.3	CVE-2015-6265 CISCO
conntrack-tools_project — conntrack-tools	conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.	2015-08-24	5.0	CVE-2015-6496 CONFIRM MLIST MLIST DEBIAN CONFIRM
dell — sonicwall_netextender_firmware	Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender with firmware before 7.5.1.2 and 8.x before 8.0.0.3 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.	2015-08-26	4.4	CVE-2015-4173 BUGTRAQ MISC
djangoproject — django	contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.	2015-08-24	5.0	CVE-2015-5963 MISC UBUNTU
djangoproject — django	The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.	2015-08-24	5.0	CVE-2015-5964 MISC UBUNTU
drupal — drupal	Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.	2015-08-24	4.3	CVE-2015-6658 CONFIRM
drupal — drupal	The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user’s account via vectors related to “file upload value callbacks.”	2015-08-24	6.8	CVE-2015-6660 CONFIRM
drupal — drupal	Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu.	2015-08-24	5.0	CVE-2015-6661 CONFIRM
gnu — glibc	The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.	2015-08-26	5.1	CVE-2013-7424 CONFIRM CONFIRM CONFIRM CONFIRM MLIST REDHAT
gnu — gnutls	Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.	2015-08-24	5.0	CVE-2015-6251 CONFIRM CONFIRM BID MLIST MLIST CONFIRM DEBIAN
hp — operations_manager_i	Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.	2015-08-22	4.4	CVE-2015-2132 HP
hp — systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.	2015-08-26	4.0	CVE-2015-2139 HP HP
hp — systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.	2015-08-26	6.5	CVE-2015-2140 HP HP
hp — hspa+_gobi_4g	The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.	2015-08-27	6.9	CVE-2015-5367 HP
hp — systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139.	2015-08-26	4.0	CVE-2015-5403 HP HP
hp — systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.	2015-08-26	6.5	CVE-2015-5405 HP HP
hp — centralview_credit_risk_control	HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408.	2015-08-22	6.0	CVE-2015-5407 HP
hp — centralview_credit_risk_control	HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407.	2015-08-22	6.0	CVE-2015-5408 HP
hp — version_control_repository_manager	HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.	2015-08-26	6.5	CVE-2015-5410 HP
hp — version_control_repository_manager	HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.	2015-08-26	6.8	CVE-2015-5411 HP
hp — version_control_repository_manager	Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.	2015-08-26	6.0	CVE-2015-5412 HP
hp — version_control_repository_manager	HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors.	2015-08-26	4.0	CVE-2015-5413 HP
hp — matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.	2015-08-26	5.0	CVE-2015-5430 HP
hp — matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.	2015-08-26	6.5	CVE-2015-5431 HP
hp — virtual_connect_enterprise_manager_sdk	HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.	2015-08-26	4.0	CVE-2015-5433 HP HP
ibm — websphere_application_server	IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.	2015-08-22	5.0	CVE-2015-1932 CONFIRM AIXAPAR
ibm — domino	Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.	2015-08-22	5.8	CVE-2015-2014 CONFIRM
ibm — domino	Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.	2015-08-22	4.3	CVE-2015-2015 CONFIRM
ibm — websphere_application_server	IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors.	2015-08-22	5.0	CVE-2015-4938 CONFIRM AIXAPAR
ibm — tivoli_storage_fastback_for_microsoft_exchange	The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name.	2015-08-23	4.0	CVE-2015-4950 CONFIRM AIXAPAR AIXAPAR
iodata — wn-g54/r2_firmware	I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.	2015-08-22	5.0	CVE-2015-2984 CONFIRM JVNDB JVN
kernel — linux-pam	The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.	2015-08-24	5.8	CVE-2015-3238 MISC MISC CONFIRM MLIST REDHAT
openbsd — openssh	Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.	2015-08-23	6.9	CVE-2015-6564 CONFIRM MLIST CONFIRM FULLDISC
openstack — neutron	OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.	2015-08-26	4.0	CVE-2015-3221 CONFIRM REDHAT MLIST
php_kobo — photo_gallery_cms_free	Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php.	2015-08-22	4.3	CVE-2015-2982 CONFIRM JVNDB JVN
php_kobo — photo_gallery_cms_free	Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users.	2015-08-22	6.8	CVE-2015-2983 CONFIRM JVNDB JVN
picketlink — picketlink	The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.	2015-08-26	4.0	CVE-2015-3158 CONFIRM CONFIRM CONFIRM REDHAT REDHAT REDHAT REDHAT REDHAT
redhat — mod_cluster	Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.	2015-08-24	4.3	CVE-2015-0298 CONFIRM REDHAT REDHAT
rubygems — rubygems	RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a “DNS hijack attack.” NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.	2015-08-25	4.3	CVE-2015-4020 MISC MISC CONFIRM CONFIRM CONFIRM
sap — netweaver	XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.	2015-08-24	6.8	CVE-2015-6662 MISC
sap — afaria	Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669.	2015-08-24	4.3	CVE-2015-6663 MISC
sap — mobile_platform	XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.	2015-08-24	6.8	CVE-2015-6664 MISC
sgi — xfsprogs	xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.	2015-08-25	5.0	CVE-2012-2150 CONFIRM MLIST MLIST MLIST SUSE FEDORA FEDORA FEDORA
trend_micro — deep_discovery_inspector	Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.	2015-08-23	4.3	CVE-2015-2872 CERT-VN CONFIRM
trend_micro — deep_discovery_inspector	Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.	2015-08-23	5.5	CVE-2015-2873 CERT-VN CONFIRM
videolan — vlc_media_player	VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.	2015-08-25	6.8	CVE-2015-5949 MISC CONFIRM BUGTRAQ MLIST MLIST DEBIAN MISC
wireshark — wireshark	The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015-08-24	4.3	CVE-2015-6241 CONFIRM CONFIRM CONFIRM
wireshark — wireshark	The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.	2015-08-24	4.3	CVE-2015-6242 CONFIRM CONFIRM CONFIRM
wireshark — wireshark	The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.	2015-08-24	4.3	CVE-2015-6243 CONFIRM CONFIRM CONFIRM
wireshark — wireshark	The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015-08-24	4.3	CVE-2015-6244 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
wireshark — wireshark	epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.	2015-08-24	4.3	CVE-2015-6245 CONFIRM CONFIRM CONFIRM
wireshark — wireshark	The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015-08-24	4.3	CVE-2015-6246 CONFIRM CONFIRM CONFIRM
wireshark — wireshark	The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.	2015-08-24	4.3	CVE-2015-6247 CONFIRM CONFIRM CONFIRM
wireshark — wireshark	The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015-08-24	4.3	CVE-2015-6248 CONFIRM CONFIRM CONFIRM CONFIRM
wireshark — wireshark	The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015-08-24	4.3	CVE-2015-6249 CONFIRM CONFIRM CONFIRM
zend — zend_framework	The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.	2015-08-25	6.8	CVE-2015-5161 EXPLOIT-DB BID DEBIAN FULLDISC MISC FEDORA MISC CONFIRM

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
cisco — prime_infrastructure	Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958.	2015-08-22	3.5	CVE-2015-4331 CISCO
emc — documentum_d2	Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.	2015-08-22	3.5	CVE-2015-4537 BUGTRAQ
ibm — integration_bus	IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.	2015-08-23	3.5	CVE-2015-2018 CONFIRM AIXAPAR
ibm — tivoli_storage_flashcopy_manager	IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.	2015-08-22	2.1	CVE-2015-4949 CONFIRM AIXAPAR
ibm — tivoli_storage_flashcopy_manager	IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.	2015-08-22	2.1	CVE-2015-6557 CONFIRM AIXAPAR
libunwind_project — libunwind	Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.	2015-08-26	3.3	CVE-2015-3239 CONFIRM REDHAT CONFIRM
mantisbt — mantisbt	Cross-site scripting (XSS) vulnerability in the “set configuration” box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986.	2015-08-24	3.5	CVE-2014-8987 CONFIRM MLIST MLIST MLIST MLIST MLIST CONFIRM
openbsd — openssh	The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.	2015-08-23	1.9	CVE-2015-6563 CONFIRM MLIST CONFIRM FULLDISC
qemu — qemu	The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.- files before the program.	2015-08-26	1.9	CVE-2015-4037 CONFIRM MLIST MLIST MLIST DEBIAN DEBIAN

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Adobe Releases Security Update for ColdFusion

August 28, 2015 007admin Leave a comment

Original release date: August 28, 2015

Adobe has released a security update for ColdFusion to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system.

Users and administrators are encouraged to review the Adobe Security Bulletin APSB15-21 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Mozilla Releases Security Updates for Firefox

August 27, 2015 007admin Leave a comment

Original release date: August 27, 2015

The Mozilla Foundation has released security updates to address a critical vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Available updates include:

Firefox 40.0.3
Firefox ESR 38.2.1

US-CERT encourages users and administrators to review the Security Advisories for Firefox and Firefox ESR and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

007 Software

Category Archives: US-CERT

SB15-257: Vulnerability Summary for the Week of September 7, 2015

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Microsoft Releases September 2015 Security Bulletin

Adobe Releases Security Update for Shockwave Player

SB15-250: Vulnerability Summary for the Week of August 31, 2015

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Cisco Releases Security Updates

Internet Systems Consortium (ISC) Releases Security Updates for BIND

Google Releases Security Update for Chrome

SB15-243: Vulnerability Summary for the Week of August 24, 2015

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Adobe Releases Security Update for ColdFusion

Mozilla Releases Security Updates for Firefox

Software and Security Information