Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability

Original release date: July 27, 2015

A vulnerability affecting the Uconnect software from FCA has been reported. Exploitation of this vulnerability may allow an unauthorized user to take remote control of an affected vehicle, but the attack requires access to Sprint’s cellular network, which connects FCA vehicles to the Internet. Sprint has blocked the port used for attacks. FCA and the National Highway Transportation Safety Administration (NHTSA) have also initiated a safety recall for all potentially affected Chrysler, Dodge, Jeep, and Ram models. See the NHTSA recall announcement for a complete list.

US-CERT recommends that users review ICS Alert 15-203-01 and Vulnerability Note VU#819439 for more information. Uconnect users are encouraged to review the NHTSA recall announcement and apply the software update.


This product is provided subject to this Notification and this Privacy & Use policy.

SB15-208: Vulnerability Summary for the Week of July 20, 2015

Original release date: July 27, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — air Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431. 2015-07-20 10.0 CVE-2015-5124
CONFIRM
cisco — application_policy_infrastructure_controller_(apic) Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.x before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991. 2015-07-24 9.0 CVE-2015-4235
CISCO
cisco — unified_meetingplace_web_conferencing The password-change feature in Cisco Unified MeetingPlace Web Conferencing 8.5 before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. 2015-07-24 10.0 CVE-2015-4262
CISCO
cisco — unified_computing_system The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. 2015-07-20 7.2 CVE-2015-4279
CISCO
cisco — videoscape_policy_resource_manager Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCuu35104 and CSCuu35128. 2015-07-21 7.8 CVE-2015-4283
CISCO
eaton — proview Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. 2015-07-19 9.3 CVE-2014-9196
MISC
emc — avamar_server Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters. 2015-07-23 7.8 CVE-2015-4527
BUGTRAQ
fca — uconnect Unspecified vulnerability in Uconnect 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA), allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient “Radio security protection,” as demonstrated on a 2014 Jeep Cherokee Limited FWD. 2015-07-21 8.3 CVE-2015-5611
MISC
MISC
MISC
MISC
MISC
MISC
gemalto_safenet_luna_hsm — – Unspecified vulnerability on the Gemalto SafeNet Luna HSM has unknown impact and attack vectors. 2015-07-22 10.0 CVE-2015-5464
CONFIRM
google — chrome Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc. 2015-07-22 7.5 CVE-2015-1272
CONFIRM
MISC
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation. 2015-07-22 7.5 CVE-2015-1276
CONFIRM
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures. 2015-07-22 7.5 CVE-2015-1277
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values. 2015-07-22 7.5 CVE-2015-1279
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data. 2015-07-22 7.5 CVE-2015-1280
CONFIRM
CONFIRM
CONFIRM
google — chrome The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page’s maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements. 2015-07-22 7.5 CVE-2015-1284
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-07-22 7.5 CVE-2015-1289
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ibm — db2 The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. 2015-07-19 8.0 CVE-2015-1935
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
microsoft — windows_7 Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Driver Vulnerability.” 2015-07-20 9.3 CVE-2015-2426
CERT-VN
MS
MISC
nvidia — gpu_driver The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 before 343.36, R340 before 340.76, R337 before 337.25, R334 before 334.21, R331 before 331.113, and R304 before 304.125 allows local users with certain permissions to read or write arbitrary kernel memory via unspecified vectors that trigger an untrusted pointer dereference. 2015-07-17 7.2 CVE-2015-3625
CONFIRM
siemens — siprotec_firmware The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to cause a denial of service via crafted packets on UDP port 50000. 2015-07-18 7.8 CVE-2015-5374
CONFIRM
sysphonic — thetis Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-07-19 7.5 CVE-2015-2972
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
tibco — silver_fabric_enabler_for_spotfire_webplayer Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire Web Player before 2.1.1 allow remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors. 2015-07-21 7.5 CVE-2015-4554
CONFIRM
CONFIRM

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — http_server The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. 2015-07-20 5.0 CVE-2015-0253
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apache — http_server The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c. 2015-07-20 5.0 CVE-2015-3183
CONFIRM
CONFIRM
CONFIRM
apache — http_server The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. 2015-07-20 4.3 CVE-2015-3185
CONFIRM
CONFIRM
CONFIRM
blackberry — blackberry_link mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. 2015-07-19 6.8 CVE-2015-4111
CONFIRM
cisco — webex_training_center Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv01955. 2015-07-21 4.3 CVE-2015-4246
CISCO
cisco — prime_collaboration Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844. 2015-07-18 5.0 CVE-2015-4280
CISCO
cisco — webex_meetings_server Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. 2015-07-22 6.8 CVE-2015-4281
CISCO
cisco — ios_xr The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. 2015-07-22 5.0 CVE-2015-4284
CISCO
cisco — ios_xr The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273. 2015-07-23 5.0 CVE-2015-4285
CISCO
cisco — adaptive_security_appliance_software The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976. 2015-07-18 4.3 CVE-2015-4458
CISCO
ghisler — total_commander The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file. 2015-07-21 5.0 CVE-2015-2869
CERT-VN
MISC
MISC
google — chrome The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file. 2015-07-22 6.8 CVE-2015-1270
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation. 2015-07-22 6.8 CVE-2015-1271
CONFIRM
CONFIRM
CONFIRM
google — chrome Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document. 2015-07-22 6.8 CVE-2015-1273
CONFIRM
CONFIRM
CONFIRM
google — chrome Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user’s previous “Always open files of this type” choice, related to download_commands.cc and download_prefs.cc. 2015-07-22 6.8 CVE-2015-1274
CONFIRM
CONFIRM
CONFIRM
google — chrome Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka “Universal XSS (UXSS).” 2015-07-22 4.3 CVE-2015-1275
CONFIRM
CONFIRM
CONFIRM
google — chrome content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document’s modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document. 2015-07-22 4.3 CVE-2015-1278
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source. 2015-07-22 4.3 CVE-2015-1281
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions. 2015-07-22 6.8 CVE-2015-1282
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. 2015-07-22 6.8 CVE-2015-1283
CONFIRM
CONFIRM
CONFIRM
google — chrome The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack. 2015-07-22 5.0 CVE-2015-1285
CONFIRM
CONFIRM
CONFIRM
google — chrome Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink “Universal XSS (UXSS).” 2015-07-22 4.3 CVE-2015-1286
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. 2015-07-22 4.3 CVE-2015-1287
CONFIRM
CONFIRM
CONFIRM
google — chrome The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263. 2015-07-22 6.8 CVE-2015-1288
CONFIRM
CONFIRM
CONFIRM
google — chrome The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message. 2015-07-22 5.0 CVE-2015-5605
CONFIRM
CONFIRM
CONFIRM
CONFIRM
hp — system_management_homepage Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. 2015-07-21 6.0 CVE-2015-2134
HP
ibm — db2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement. 2015-07-19 4.0 CVE-2014-8910
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — db2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement. 2015-07-19 6.8 CVE-2015-0157
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — db2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. 2015-07-19 4.0 CVE-2015-1883
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — business_process_manager The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors. 2015-07-21 4.0 CVE-2015-1905
CONFIRM
AIXAPAR
ibm — infosphere_master_data_management IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. 2015-07-19 4.0 CVE-2015-1982
CONFIRM
ibm — infosphere_master_data_management IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. 2015-07-19 4.0 CVE-2015-1984
CONFIRM
kaseya — virtual_system_administrator Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request. 2015-07-20 4.0 CVE-2015-2862
CERT-VN
kaseya — virtual_system_administrator Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2015-07-20 4.3 CVE-2015-2863
CERT-VN
microsoft — malicious_software_removal_tool Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka “MSRT Race Condition Vulnerability.” 2015-07-20 6.9 CVE-2015-2418
CONFIRM
netiq — security_solutions_for_iseries Multiple stack-based buffer overflows in the SafeShellExecute method in the NetIQExecObject.NetIQExec.1 ActiveX control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 allow remote attackers to execute arbitrary code via long arguments, aka ZDI-CAN-2699. 2015-07-18 6.8 CVE-2015-0795
CONFIRM
MISC
novell — groupwise Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-07-22 4.3 CVE-2014-0611
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
seeds — acmailer Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string. 2015-07-19 5.5 CVE-2015-2971
CONFIRM
JVNDB
JVN
solarwinds — n-able_n-central The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers’ installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation. 2015-07-21 4.0 CVE-2015-5610
CERT-VN
wireshark — wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-07-21 5.0 CVE-2015-4651
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. 2015-07-21 4.3 CVE-2015-4652
CONFIRM
CONFIRM
CONFIRM

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ibm — rational_collaborative_lifecycle_management Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-07-19 3.5 CVE-2015-0130
CONFIRM
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-07-21 3.5 CVE-2015-1906
CONFIRM
AIXAPAR
ibm — db2 The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors. 2015-07-19 3.5 CVE-2015-1922
AIXAPAR
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
ibm — infosphere_master_data_management Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-07-19 3.5 CVE-2015-1968
CONFIRM
ibm — case_manager Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component. 2015-07-19 3.5 CVE-2015-1979
CONFIRM
ibm — infosphere_master_data_management IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. 2015-07-19 3.5 CVE-2015-1980
CONFIRM

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

WordPress Releases Security Update

Original release date: July 23, 2015

WordPress 4.2.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website.

Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.2.3.


This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates

Original release date: July 23, 2015

Cisco has released security updates to address vulnerabilities in its Application Policy Infrastructure Controller, IOS software, and the Unified MeetingPlace Conferencing products. Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access, cause a denial-of-service condition, or take control of the affected application.

US-CERT encourages users and administrators to review the Cisco Security Advisories cisco-sa-20150722-apic, cisco-sa-20150722-tftp, and cisco-sa-20150722-mp and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Update for Chrome

Original release date: July 21, 2015

Google has released Chrome version 44.0.2403.89 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases Security Update

Original release date: July 20, 2015

Microsoft has released a security update to address a critical vulnerability in Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft Security Bulletin MS15-078 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.

Oracle Releases July 2015 Security Advisory

Original release date: July 14, 2015

Oracle has released security fixes to address 193 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle July 2015 Critical Patch Update and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities

Original release date: July 14, 2015 | Last revised: July 15, 2015

Systems Affected

Microsoft Windows systems with Adobe Flash Player installed.

Overview

Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges. Since attackers continue to target and find new vulnerabilities in popular, Internet-facing software, updating is not sufficient, and it is important to use exploit mitigation and other defensive techniques.

Description

The following vulnerabilities illustrate the need for ongoing mitigation techniques and prioritization of updates for highly targeted software:

  • Adobe Flash use-after-free and memory corruption vulnerabilities (CVE-2015-5119, CVE-2015-5122, CVE-2015-5123) Adobe Flash Player contains critical vulnerabilities within the ActionScript 3 ByteArray, opaqueBackground and BitmapData classes. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system.
  • Microsoft Windows Adobe Type Manager privilege escalation vulnerability (CVE-2015-2387)
    The Adobe Type Manager module contains a memory corruption vulnerability, which can allow an attacker to obtain system privileges on an affected Windows system. The Adobe Type Manager is a Microsoft Windows component present in every version since NT 4.0. The primary impact of exploiting this vulnerability is local privilege escalation.

Vulnerability Chaining

By convincing a user to visit a website or open a file containing specially crafted Flash content, an attacker could combine any one of the three Adobe Flash vulnerabilities with the Microsoft Windows vulnerability to take full control of an affected system.

A common attack vector for exploiting a Flash vulnerability is to entice a user to load Flash content in a web browser, and most web browsers have Flash installed and enabled. A second attack vector for Flash vulnerabilities is through a file (such as an email attachment) that embeds Flash content. Another technique leverages Object Linking and Embedding (OLE) capabilities in Microsoft Office documents to automatically download Flash content from a remote server.

An attacker who is able to execute arbitrary code through the Flash vulnerability could exploit the Adobe Type Manager vulnerability to gain elevated system privileges. The Adobe Type Manager vulnerability allows the attacker to bypass sandbox defenses (such as those found in Adobe Reader and Google Chrome) and low integrity protections (such as Protected Mode Internet Explorer and Protected View for Microsoft Office).

Impact

The Adobe Flash vulnerabilities can allow a remote attacker to execute arbitrary code. Exploitation of the Adobe Type Manager vulnerability could then allow the attacker to execute code with system privileges.

Solution

Since attackers regularly target widely deployed, Internet-accessible software such as Adobe Flash and Microsoft Windows, it is important to prioritize updates for these products to defend against known vulnerabilities.

Since attackers regularly discover new vulnerabilities for which updates do not exist, it is important to enable exploit mitigation and other defensive techniques.

Apply Security Updates

The Adobe Flash vulnerabilities (CVE-2015-5119, CVE-2015-5122, CVE-2015-5123) are addressed in Adobe Security Bulletins APSB15-16 and APSB15-18. Users are encouraged to review the Bulletins and apply the necessary updates.

The Microsoft Windows Adobe Type Manager vulnerability (CVE-2015-2387) is addressed in Microsoft security Bulletin MS15-077. Users are encouraged to review the Bulletin and apply the necessary updates.

Additional information regarding the vulnerabilities can be found in Vulnerability Notes VU#561288, VU#338736, VU#918568, and VU#103336.

Limit Flash Content

Do not run untrusted Flash content. Most web browsers have Flash enabled by default, however, it may be possible to enable click-to-play features. For information see  http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

Use the Microsoft Enhanced Mitigation Experience Toolkit (EMET)

EMET can be used to help prevent exploitation of the Flash vulnerabilities. In particular, Attack Surface Reduction (ASR) can be configured to help restrict Microsoft Office and Internet Explorer from loading the Flash ActiveX control. See the following link for additional information: http://www.microsoft.com/en-us/download/details.aspx?id=46366

References

Revision History

  • July 14, 2015: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases July 2015 Security Bulletin

Original release date: July 14, 2015

Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-058 and MS15-065 through MS15-077 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Update for Shockwave Player

Original release date: July 14, 2015

Adobe has released a security update to address critical vulnerabilities in Shockwave Player for Windows and Macintosh. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-17 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.