Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

OpenSSL Patches Multiple Vulnerabilities

Original release date: June 12, 2015

OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection.

Updates available include:

  • OpenSSL 1.0.2b for 1.0.2 users
  • OpenSSL 1.0.1n for 1.0.1 users
  • OpenSSL 1.0.0s for 1.0.0d (and below) users
  • OpenSSL 0.9.8zg for 0.9.8r (and below) users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

IC3 Issues Alert on Gift Card Scams

Original release date: June 11, 2015

The Internet Crime Complaint Center (IC3) has released an alert warning consumers of fraud around the resale of gift cards. The secondary gift card market has grown in recent years, and criminal activity has been identified on sites facilitating such exchanges. When purchasing gift cards, look for reputable merchants who will ensure resold cards contain correct balances.

US-CERT encourages consumers to review the IC3 Alert for more details on avoiding gift card fraud and US-CERT Security Tip ST07-001 for information on shopping safely online.


Cisco IOS XR Denial-of-Service Vulnerability

Original release date: June 11, 2015

Cisco has identified a vulnerability that could allow an unauthenticated remote attacker to cause a denial-of-service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. A Cisco Carrier Routing System 3 (CRS-3) running a version of Cisco IOS XR software prior to 4.2.1 is affected by this vulnerability.

Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates.


Ubuntu Releases Security Update

Original release date: June 11, 2015

Ubuntu has released 10 security updates to address multiple vulnerabilities affecting Ubuntu 15.04, 14.10, 14.04 LTS, and 12.04 LTS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected system.

US-CERT encourages users and administrators to review Ubuntu Security Notices USN-2629-1, USN-2630-1, USN-2631-1, USN-2632-1, USN-2633-1, USN-2634-1, USN-2635-1, USN-2636-1, USN-2637-1, and USN-2638-1 and apply the necessary updates.


VMware Releases Security Updates for Multiple Products

Original release date: June 09, 2015

VMware has released four updates to address vulnerabilities in VMware Workstation, Player, Fusion, and Horizon Client. Exploitation of some of these vulnerabilities could allow a denial-of-service condition or remote code execution on the Windows OS running these programs.

Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0004 and apply the necessary updates.


Microsoft Releases June 2015 Security Bulletin

Original release date: June 09, 2015

Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-056 through MS15-064 and apply the necessary updates.


Adobe Releases Security Updates for Flash Player

Original release date: June 09, 2015

Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-11 and apply the necessary updates.


SB15-159: Vulnerability Summary for the Week of June 1, 2015

Original release date: June 08, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
arcserve — arcserve_unified_data_protection Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet. 2015-05-29 9.4 CVE-2015-4068
MISC
MISC
CONFIRM
arcserve — arcserve_unified_data_protection The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method. 2015-05-29 7.8 CVE-2015-4069
MISC
MISC
CONFIRM
avm — fritz!box AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. 2015-05-29 10.0 CVE-2014-9727
MISC
OSVDB
EXPLOIT-DB
cisco — dta_control_system Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315. 2015-05-30 7.8 CVE-2015-0744
CISCO
cisco — unified_communications_manager Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. 2015-05-29 7.8 CVE-2015-0751
CISCO
cisco — finesse Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. 2015-05-29 7.5 CVE-2015-0754
CISCO
cisco — anyconnect_secure_mobility_client Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790. 2015-06-04 7.2 CVE-2015-0761
CISCO
dell — netvault_backup Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow. 2015-05-29 10.0 CVE-2015-4067
MISC
fusionforge — fusionforge The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. 2015-06-02 10.0 CVE-2015-0850
CONFIRM
DEBIAN
ibm — powervc IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017. 2015-05-30 7.5 CVE-2015-1937
CONFIRM
AIXAPAR
ipsec-tools — ipsec-tools racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. 2015-05-29 7.8 CVE-2015-4047
MISC
SECTRACK
BID
MLIST
MLIST
DEBIAN
FULLDISC
FULLDISC
MISC
milw0rm_project — milw0rm_clone_script SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. 2015-05-29 7.5 CVE-2015-4137
BID
FULLDISC
MISC
netapp — oncommand_workflow_automation The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. 2015-05-31 10.0 CVE-2015-3292
CONFIRM
qemu — qemu QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. 2015-06-03 7.2 CVE-2015-4106
CONFIRM
sap — gui Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. 2015-06-02 7.5 CVE-2015-2282
BUGTRAQ
MISC
FULLDISC
FULLDISC
MISC
sap — hana_web-based_development_workbench SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. 2015-06-02 7.5 CVE-2015-4159
FULLDISC
sap — ase_database_platform SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. 2015-06-02 7.5 CVE-2015-4160
FULLDISC
sap — afaria SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, aka SAP Security Note 2155690. 2015-06-02 7.5 CVE-2015-4161
FULLDISC
visual_mining — netcharts_server Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors. 2015-05-29 10.0 CVE-2015-4031
MISC
visual_mining — netcharts_server projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors. 2015-05-29 10.0 CVE-2015-4032
MISC
wavelink — terminal_emulation Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header. 2015-05-29 10.0 CVE-2015-4059
MISC
wavelink — connectpro Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header. 2015-05-29 10.0 CVE-2015-4060
MISC
wouter_verhelst — nbd The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export. 2015-05-29 7.8 CVE-2013-7441
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
MLIST
wouter_verhelst — nbd nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. 2015-05-29 7.8 CVE-2015-0847
CONFIRM
MLIST
DEBIAN
MLIST
xen — xen Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. 2015-06-03 7.8 CVE-2015-4104
CONFIRM

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — camel XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource. 2015-06-03 5.0 CVE-2015-0263
CONFIRM
CONFIRM
SECTRACK
REDHAT
apache — camel Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query. 2015-06-03 5.0 CVE-2015-0264
CONFIRM
CONFIRM
SECTRACK
REDHAT
apache — jackrabbit XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request. 2015-05-29 6.4 CVE-2015-1833
EXPLOIT-DB
CONFIRM
BID
CONFIRM
MLIST
apache — sling_api Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. 2015-06-02 4.3 CVE-2015-2944
CONFIRM
JVNDB
JVN
beckwithelectric — m-2001d_digital_tapchanger_control Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. 2015-06-05 6.4 CVE-2014-9201
MISC
blue_coat — ssl_visibility_appliance_sv1800_firmware Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators. 2015-05-30 4.3 CVE-2015-2852
CERT-VN
CONFIRM
blue_coat — ssl_visibility_appliance_sv1800_firmware Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID. 2015-05-30 6.8 CVE-2015-2853
CERT-VN
CONFIRM
blue_coat — ssl_visibility_appliance_sv1800_firmware The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element. 2015-05-30 4.3 CVE-2015-2854
CERT-VN
CONFIRM
blue_coat — ssl_visibility_appliance_sv1800_firmware The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator’s cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138. 2015-05-30 4.3 CVE-2015-2855
CERT-VN
CONFIRM
blue_coat — ssl_visibility_appliance_sv1800_firmware The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator’s cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855. 2015-05-30 4.3 CVE-2015-4138
CERT-VN
CONFIRM
cisco — headend_digital_broadband_delivery_system CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580. 2015-05-30 4.3 CVE-2015-0733
CISCO
cisco — headend_digital_broadband_delivery_system Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097. 2015-05-30 5.0 CVE-2015-0743
CISCO
cisco — headend_digital_broadband_delivery_system Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909. 2015-05-30 5.0 CVE-2015-0745
CISCO
cisco — videoscape_conductor Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. 2015-05-30 4.3 CVE-2015-0747
CISCO
cisco — telepresence_video_communication_server Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635. 2015-05-29 4.3 CVE-2015-0752
CISCO
cisco — unified_web_and_e-mail_interaction_manager SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028. 2015-05-29 6.8 CVE-2015-0753
CISCO
cisco — anyconnect_secure_mobility_client The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797. 2015-05-29 6.8 CVE-2015-0755
CISCO
cisco — wireless_lan_controller Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. 2015-05-29 6.1 CVE-2015-0756
CISCO
cisco — identity_services_engine_software The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140. 2015-05-29 5.0 CVE-2015-0757
CISCO
cisco — unified_meetingplace The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452. 2015-05-30 4.0 CVE-2015-0758
CISCO
cisco — headend_digital_broadband_delivery_system Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. 2015-06-02 6.8 CVE-2015-0759
CISCO
cisco — adaptive_security_appliance_software The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. 2015-06-04 4.0 CVE-2015-0760
CISCO
cisco — unified_meetingplace Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. 2015-06-04 4.3 CVE-2015-0762
CISCO
cisco — unified_meetingplace Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. 2015-06-04 5.0 CVE-2015-0763
CISCO
cisco — unified_meetingplace Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. 2015-06-04 5.0 CVE-2015-0764
CISCO
cisco — ons_15454_system_software Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263. 2015-06-04 5.0 CVE-2015-0765
CISCO
cisco — firesight_system_software Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196. 2015-06-04 4.3 CVE-2015-0766
CISCO
djangoproject — django The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key. 2015-06-02 5.0 CVE-2015-3982
CONFIRM
emc — rsa_web_threat_detection Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. 2015-06-05 6.8 CVE-2015-0541
BUGTRAQ
f21 — jwt JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. 2015-06-05 5.0 CVE-2015-2951
CONFIRM
JVNDB
JVN
hp — smart_zero_core Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors. 2015-06-05 6.8 CVE-2015-2124
HP
ibm — infosphere_master_data_management_server Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. 2015-06-02 6.5 CVE-2015-1945
CONFIRM
ids — nc854 Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file. 2015-05-31 6.8 CVE-2015-3939
MISC
moodle — moodle mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service. 2015-06-01 4.0 CVE-2015-0211
CONFIRM
MLIST
CONFIRM
moodle — moodle Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims. 2015-06-01 6.8 CVE-2015-0213
CONFIRM
MLIST
CONFIRM
moodle — moodle message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request. 2015-06-01 4.0 CVE-2015-0214
CONFIRM
MLIST
CONFIRM
moodle — moodle calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. 2015-06-01 4.0 CVE-2015-0215
CONFIRM
MLIST
CONFIRM
moodle — moodle filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. 2015-06-01 6.8 CVE-2015-0217
CONFIRM
MLIST
CONFIRM
moodle — moodle Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. 2015-06-01 6.8 CVE-2015-0218
CONFIRM
MLIST
CONFIRM
moodle — moodle Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. 2015-06-01 6.8 CVE-2015-1493
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
moodle — moodle message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL. 2015-06-01 4.0 CVE-2015-2266
CONFIRM
MLIST
CONFIRM
moodle — moodle mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. 2015-06-01 4.0 CVE-2015-2267
CONFIRM
MLIST
CONFIRM
moodle — moodle filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. 2015-06-01 6.8 CVE-2015-2268
CONFIRM
MLIST
CONFIRM
moodle — moodle lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors. 2015-06-01 4.3 CVE-2015-2270
CONFIRM
MLIST
CONFIRM
moodle — moodle tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the “Flag as inappropriate” feature. 2015-06-01 4.0 CVE-2015-2271
CONFIRM
MLIST
CONFIRM
moodle — moodle login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token. 2015-06-01 4.0 CVE-2015-2272
CONFIRM
MLIST
CONFIRM
moodle — moodle Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header. 2015-06-01 5.8 CVE-2015-3175
CONFIRM
MLIST
CONFIRM
moodle — moodle The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register. 2015-06-01 4.3 CVE-2015-3176
CONFIRM
MLIST
CONFIRM
moodle — moodle lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. 2015-06-01 4.0 CVE-2015-3180
CONFIRM
MLIST
CONFIRM
moodle — moodle files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked. 2015-06-01 4.0 CVE-2015-3181
CONFIRM
MLIST
CONFIRM
moxa — softcms Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. 2015-06-05 6.8 CVE-2015-1000
MISC
MISC
open_explorer_beta_project — open_explorer_beta Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. 2015-06-05 6.4 CVE-2015-2950
JVNDB
MISC
JVN
paloaltonetworks — pan-os XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. 2015-06-02 4.0 CVE-2015-4162
CONFIRM
parityrate — roomcloud Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) end_day, (6) end_month, (7) end_year, (8) lang, (9) adults, or (10) children parameter. 2015-05-29 4.3 CVE-2015-3904
CONFIRM
CONFIRM
BID
FULLDISC
MISC
rockwellautomation — rsview32 Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack. 2015-05-31 4.9 CVE-2015-1010
MISC
MISC
sap — gui The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. 2015-06-02 5.0 CVE-2015-2278
BUGTRAQ
MISC
FULLDISC
FULLDISC
MISC
sap — hana The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. 2015-05-29 4.0 CVE-2015-3994
BUGTRAQ
MISC
FULLDISC
MISC
sap — hana SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. 2015-05-29 4.0 CVE-2015-3995
BUGTRAQ
MISC
FULLDISC
MISC
sap — content_server SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. 2015-06-02 5.0 CVE-2015-4157
FULLDISC
sap — netweaver_abap_application_server SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. 2015-06-02 5.0 CVE-2015-4158
FULLDISC
sendio — sendio Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header. 2015-06-02 5.0 CVE-2014-0999
CONFIRM
BUGTRAQ
EXPLOIT-DB
FULLDISC
MISC
sendio — sendio The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users’ sessions via a large number of requests. 2015-06-02 4.0 CVE-2014-8391
EXPLOIT-DB
CONFIRM
BUGTRAQ
FULLDISC
MISC
sensiolabs — symfony FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment. 2015-06-02 4.3 CVE-2015-4050
DEBIAN
CONFIRM
synology — cloud_station client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. 2015-05-30 6.8 CVE-2015-2851
CONFIRM
CERT-VN
thycotic — password_manager_secret_server The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2015-06-02 5.8 CVE-2015-4094
MISC
wpmembership — wpmembership The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php. 2015-06-03 6.5 CVE-2015-4038
BUGTRAQ
BUGTRAQ
MISC
xen — xen Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accesses spanning multiple fields. 2015-06-03 4.9 CVE-2015-4103
CONFIRM
xen — xen Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. 2015-06-03 4.9 CVE-2015-4105
CONFIRM
xzeres — 442sr_os Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request. 2015-06-05 6.8 CVE-2015-3950
MISC
zenphoto — zenphoto Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-05-31 4.3 CVE-2015-2948
CONFIRM
JVNDB
JVN
zenphoto — zenphoto Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-05-31 4.3 CVE-2015-2949
JVNDB
JVN
zeromq — zeromq libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. 2015-06-03 4.3 CVE-2014-9721
CONFIRM
CONFIRM
DEBIAN


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
gnu — parallel GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. 2015-06-02 3.6 CVE-2015-4155
MLIST
MLIST
gnu — parallel GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. 2015-06-02 3.6 CVE-2015-4156
SUSE
MLIST
MLIST
ibm — rational_doors_next_generation IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation. 2015-05-30 3.7 CVE-2015-0121
CONFIRM
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition. 2015-05-30 3.5 CVE-2015-0193
CONFIRM
AIXAPAR
ibm — websphere_commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors. 2015-05-29 2.1 CVE-2015-0200
CONFIRM
AIXAPAR
AIXAPAR
moodle — moodle Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary. 2015-06-01 3.5 CVE-2015-0212
CONFIRM
MLIST
CONFIRM
moodle — moodle access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. 2015-06-01 3.5 CVE-2015-0216
CONFIRM
MLIST
CONFIRM
moodle — moodle Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element. 2015-06-01 3.5 CVE-2015-2269
CONFIRM
MLIST
CONFIRM
moodle — moodle Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response. 2015-06-01 3.5 CVE-2015-2273
CONFIRM
MLIST
CONFIRM
moodle — moodle mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading. 2015-06-01 3.5 CVE-2015-3174
CONFIRM
MLIST
CONFIRM
moodle — moodle Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. 2015-06-01 3.5 CVE-2015-3177
CONFIRM
MLIST
CONFIRM
moodle — moodle Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services. 2015-06-01 3.5 CVE-2015-3178
CONFIRM
MLIST
CONFIRM
moodle — moodle login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account. 2015-06-01 3.5 CVE-2015-3179
CONFIRM
MLIST
CONFIRM


SB15-152: Vulnerability Summary for the Week of May 25, 2015

Original release date: June 01, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — iphone_os CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message. 2015-05-27 7.8 CVE-2015-1157
MISC
MISC
MISC
MISC
MISC
MISC
MISC
arubanetworks — clearpass_policy_manager Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors. 2015-05-28 9.0 CVE-2014-6628
CONFIRM
arubanetworks — clearpass_policy_manager Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. 2015-05-28 9.0 CVE-2015-1550
CONFIRM
bomgar — remote_support Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts. 2015-05-25 7.5 CVE-2015-0935
CERT-VN
cisco — telepresence_tc_software Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651. 2015-05-24 8.3 CVE-2014-2174
CISCO
cisco — telepresence_advanced_media_gateway The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855. 2015-05-24 9.0 CVE-2015-0713
CISCO
cisco — telepresence_tc_software The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952. 2015-05-24 7.8 CVE-2015-0722
CISCO
h-fj — mt-phpincgi mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015. 2015-05-25 7.5 CVE-2015-2945
CONFIRM
JVNDB
JVN
hp — loadrunner Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors. 2015-05-25 10.0 CVE-2015-2110
HP
hp — sitescope Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. 2015-05-25 8.7 CVE-2015-2120
HP
hp — network_virtualization HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569. 2015-05-25 7.8 CVE-2015-2121
HP
MISC
hp — sdn_van_controller The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port. 2015-05-25 7.8 CVE-2015-2122
HP
hp — nonstop_safeguard_security Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access. 2015-05-25 9.0 CVE-2015-2123
HP
ibm — tivoli_storage_manager_fastback Buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 has unspecified impact and remote attack vectors. 2015-05-25 7.5 CVE-2015-0120
CONFIRM
ibm — security_siteprotector_system IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors. 2015-05-25 9.0 CVE-2015-0160
CONFIRM
ibm — tivoli_storage_manager_fastback Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows remote attackers to execute arbitrary code via unspecified vectors. 2015-05-24 10.0 CVE-2015-1896
CONFIRM
ibm — websphere_portal IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. 2015-05-24 7.8 CVE-2015-1899
CONFIRM
AIXAPAR
icu_project — international_components_for_unicode The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. 2015-05-25 7.5 CVE-2014-8146
CERT-VN
MISC
MLIST
CONFIRM
icu_project — international_components_for_unicode The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. 2015-05-25 7.5 CVE-2014-8147
CERT-VN
MISC
MLIST
CONFIRM
linux — linux_kernel The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. 2015-05-27 9.3 CVE-2015-3331
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
moxa — vport_activex_sdk_plus Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. 2015-05-26 7.5 CVE-2015-0986
MISC
CONFIRM
reflex_gallery_project — reflex_gallery Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the uploads/ directory. 2015-05-28 7.5 CVE-2015-4133
CONFIRM
EXPLOIT-DB
MISC
MISC
MISC
OSVDB
sap — sap_netweaver_application_server_java XML external entity (XXE) vulnerability in SAP NetWeaver AS Java allows remote attackers to send TCP requests to intranet servers or possibly have other unspecified impact via an XML request, related to “CIM UPLOAD,” aka SAP Security Note 2090851. 2015-05-26 7.5 CVE-2015-4091
MISC
sap — afaria Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. 2015-05-26 7.5 CVE-2015-4092
MISC
wireshark — wireshark The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-05-26 7.8 CVE-2015-3808
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-05-26 7.8 CVE-2015-3809
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. 2015-05-26 7.8 CVE-2015-3810
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. 2015-05-26 7.8 CVE-2015-3812
CONFIRM
CONFIRM
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
arubanetworks — clearpass_policy_manager Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action. 2015-05-28 4.3 CVE-2015-1389
MISC
CONFIRM
FULLDISC
arubanetworks — clearpass_policy_manager Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. 2015-05-28 6.5 CVE-2015-1392
CONFIRM
arubanetworks — clearpass_policy_manager Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. 2015-05-28 4.0 CVE-2015-1551
CONFIRM
barracuda — web_filter Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2015-05-25 4.3 CVE-2015-0961
CERT-VN
CONFIRM
CONFIRM
CONFIRM
barracuda — web_filter Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers’ installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate’s trust relationship. 2015-05-25 4.3 CVE-2015-0962
CERT-VN
CONFIRM
CONFIRM
CONFIRM
church_admin_project — church_admin Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/. 2015-05-28 4.3 CVE-2015-4127
CONFIRM
EXPLOIT-DB
OSVDB
MISC
cisco — hosted_collaboration_solution The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786. 2015-05-22 6.5 CVE-2015-0750
CISCO
coppermine-gallery — coppermine_photo_gallery Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter. 2015-05-27 5.8 CVE-2015-3922
MISC
CONFIRM
emc — document_sciences_xpression SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2015-05-25 6.5 CVE-2015-0540
BUGTRAQ
emerson — ams_device_manager SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. 2015-05-25 6.5 CVE-2015-1008
MISC
CONFIRM
free-counter — free_counter Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php. 2015-05-28 4.3 CVE-2015-4084
BUGTRAQ
gigpress_project — gigpress Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php. 2015-05-27 6.5 CVE-2015-4066
CONFIRM
EXPLOIT-DB
BID
MISC
hp — access_control Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control (AC) Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain sensitive information via unknown vectors. 2015-05-25 4.0 CVE-2015-2118
HP
ibm — endpoint_manager_family Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element. 2015-05-25 6.8 CVE-2014-4774
CONFIRM
ibm — endpoint_manager_family IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element. 2015-05-25 4.3 CVE-2014-4778
CONFIRM
ibm — workload_deployer The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document. 2015-05-25 5.0 CVE-2014-6190
CONFIRM
ibm — endpoint_manager_family Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manager for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927. 2015-05-25 5.0 CVE-2014-8926
CONFIRM
ibm — endpoint_manager_family Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manager for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926. 2015-05-25 5.0 CVE-2014-8927
CONFIRM
ibm — spss_statistics An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document. 2015-05-25 6.8 CVE-2015-0140
CONFIRM
ibm — security_siteprotector_system SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2015-05-25 6.5 CVE-2015-0161
CONFIRM
ibm — security_siteprotector_system IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. 2015-05-25 4.0 CVE-2015-0169
CONFIRM
ibm — security_siteprotector_system Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors. 2015-05-25 5.5 CVE-2015-0171
CONFIRM
ibm — infosphere_information_server The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors. 2015-05-25 5.5 CVE-2015-0180
CONFIRM
AIXAPAR
ibm — optim_workload_replay Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2015-05-24 6.8 CVE-2015-1894
CONFIRM
ibm — optim_workload_replay IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior. 2015-05-24 5.0 CVE-2015-1895
CONFIRM
ibm — infosphere_master_data_management_server The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-05-24 5.0 CVE-2015-1909
CONFIRM
ibm — sterling_field_sales Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-05-24 4.3 CVE-2015-1911
CONFIRM
ibm — endpoint_manager_family The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2015-05-24 4.3 CVE-2015-1915
CONFIRM
AIXAPAR
ibm — websphere_portal Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. 2015-05-24 6.4 CVE-2015-1921
CONFIRM
AIXAPAR
landing_pages_project — landing_pages SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php. 2015-05-27 6.5 CVE-2015-4064
CONFIRM
EXPLOIT-DB
BID
MISC
linux — linux_kernel The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit. 2015-05-27 6.9 CVE-2014-9710
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment. 2015-05-27 4.9 CVE-2014-9715
CONFIRM
CONFIRM
MLIST
CONFIRM
MLIST
CONFIRM
linux — linux_kernel Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. 2015-05-27 6.9 CVE-2015-2666
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds. 2015-05-27 4.9 CVE-2015-3332
CONFIRM
CONFIRM
MLIST
MLIST
linux — linux_kernel Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. 2015-05-27 6.2 CVE-2015-3339
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mit — kerberos The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client’s request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. 2015-05-25 5.8 CVE-2015-2694
CONFIRM
CONFIRM
newstatpress_project — newstatpress SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. 2015-05-27 6.5 CVE-2015-4062
CONFIRM
EXPLOIT-DB
BID
MISC
ocf — sxf_common_library Stack-based buffer overflow in the Open CAD Format Council SXF common library before 3.30 allows remote attackers to execute arbitrary code via a crafted CAD file. 2015-05-25 6.8 CVE-2015-2946
CONFIRM
JVNDB
JVN
CONFIRM
osisoft — pi_server OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements. 2015-05-25 6.5 CVE-2015-1013
MISC
CONFIRM
phpmyadmin — phpmyadmin Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file. 2015-05-26 6.8 CVE-2015-3902
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2015-05-26 4.3 CVE-2015-3903
CONFIRM
CONFIRM
phpwind — phpwind Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. 2015-05-28 5.8 CVE-2015-4134
MISC
FULLDISC
MISC
phpwind — phpwind Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2015-05-28 4.3 CVE-2015-4135
MISC
FULLDISC
MISC
postgresql — postgresql Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. 2015-05-28 4.3 CVE-2015-3165
UBUNTU
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
DEBIAN
wireshark — wireshark epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. 2015-05-26 5.0 CVE-2015-3811
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. 2015-05-26 5.0 CVE-2015-3813
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-05-26 5.0 CVE-2015-3814
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. 2015-05-26 5.0 CVE-2015-3815
CONFIRM
CONFIRM
MISC
CONFIRM
wireshark — wireshark The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. 2015-05-26 5.0 CVE-2015-3906
CONFIRM
CONFIRM
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
arubanetworks — clearpass_policy_manager Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors. 2015-05-28 3.5 CVE-2015-4132
CONFIRM
coppermine-gallery — coppermine_photo_gallery Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter. 2015-05-27 3.5 CVE-2015-3921
MISC
CONFIRM
ibm — curam_social_program_management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-05-25 3.5 CVE-2014-6192
CONFIRM
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-05-25 3.5 CVE-2015-0156
CONFIRM
AIXAPAR
AIXAPAR
ibm — security_siteprotector_system Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-05-25 3.5 CVE-2015-0168
CONFIRM
ibm — security_siteprotector_system IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data. 2015-05-25 2.1 CVE-2015-0170
CONFIRM
ibm — infosphere_master_data_management_server Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-05-24 3.5 CVE-2015-1910
CONFIRM
landing_pages_project — landing_pages Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php. 2015-05-27 3.5 CVE-2015-4065
CONFIRM
EXPLOIT-DB
BID
MISC
linux — linux_kernel arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. 2015-05-27 1.9 CVE-2015-2830
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. 2015-05-27 3.3 CVE-2015-2922
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
newstatpress_project — newstatpress Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. 2015-05-27 3.5 CVE-2015-4063
CONFIRM
EXPLOIT-DB
BID
MISC


SB15-145: Vulnerability Summary for the Week of May 18, 2015

Original release date: May 25, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — unified_communications_manager Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. 2015-05-16 7.2 CVE-2015-0717
CISCO
dell — sonicwall_analyzer The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. 2015-05-20 9.0 CVE-2015-3990
CONFIRM
MISC
docker — docker Libcontainer and Docker Engine before 1.6.1 open the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. 2015-05-18 7.2 CVE-2015-3627
CONFIRM
FULLDISC
MISC
docker — libcontainer Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization (“mount namespace breakout”) and write to arbitrary files on the host system via a symlink attack in an image when respawning a container. 2015-05-18 7.2 CVE-2015-3629
CONFIRM
FULLDISC
MISC
docker — docker Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. 2015-05-18 7.2 CVE-2015-3630
CONFIRM
FULLDISC
MISC
gns3 — gns3 Untrusted search path vulnerability in GNS3 before 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. 2015-05-18 7.2 CVE-2015-2667
MISC
google — chrome common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. 2015-05-20 7.5 CVE-2015-1252
CONFIRM
CONFIRM
CONFIRM
google — chrome core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. 2015-05-20 7.5 CVE-2015-1253
CONFIRM
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. 2015-05-20 7.5 CVE-2015-1256
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. 2015-05-20 7.5 CVE-2015-1257
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. 2015-05-20 7.5 CVE-2015-1258
CONFIRM
CONFIRM
CONFIRM
google — chrome PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2015-05-20 7.5 CVE-2015-1259
CONFIRM
CONFIRM
google — chrome Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. 2015-05-20 7.5 CVE-2015-1260
CONFIRM
CONFIRM
CONFIRM
google — chrome platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. 2015-05-20 7.5 CVE-2015-1262
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-05-20 7.5 CVE-2015-1265
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-05-20 7.5 CVE-2015-3910
CONFIRM
hancom — hanword_viewer_2007 Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly “influence the program’s execution flow” via a document with a large paragraph size, which triggers heap corruption. 2015-05-15 7.5 CVE-2015-2810
BUGTRAQ
huawei — e587_mobile_wifi_firmware Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors. 2015-05-21 9.0 CVE-2015-3911
BID
CONFIRM
ibm — domino Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. 2015-05-20 10.0 CVE-2015-1902
CONFIRM
ibm — domino Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. 2015-05-20 10.0 CVE-2015-1903
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. 2015-05-19 10.0 CVE-2015-1920
CONFIRM
AIXAPAR
infocus — in3128hd_firmware The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. 2015-05-18 10.0 CVE-2014-8383
MISC
FULLDISC
MISC
infocus — in3128hd_firmware The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request. 2015-05-18 9.4 CVE-2014-8384
MISC
FULLDISC
MISC
kcodes — netusb Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005. 2015-05-20 10.0 CVE-2015-3036
CERT-VN
MISC
MISC
libuv_project — libuv libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. 2015-05-18 10.0 CVE-2015-0278
FEDORA
CONFIRM
CONFIRM
CONFIRM
MANDRIVA
CONFIRM
module-signature_project — module-signature Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. 2015-05-19 10.0 CVE-2015-3408
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTU
module-signature_project — module-signature Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. 2015-05-19 7.2 CVE-2015-3409
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTU
oscmax — oscmax Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. 2015-05-20 7.5 CVE-2012-1665
MISC
OSVDB
OSVDB
OSVDB
CONFIRM
CONFIRM
BUGTRAQ
powerdns — authoritative The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. 2015-05-18 7.8 CVE-2015-1868
SECTRACK
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
proftpd — proftpd The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. 2015-05-18 10.0 CVE-2015-3306
EXPLOIT-DB
EXPLOIT-DB
FEDORA
FEDORA
FEDORA
swisscom — centro_grande_(adb)_dsl_firmware The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allow remote attackers to access the management functions via unknown vectors. 2015-05-20 10.0 CVE-2015-1188
FULLDISC
unzoo — unzoo Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors. 2015-05-19 10.0 CVE-2015-1845
MISC
MLIST
unzoo — unzoo unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling. 2015-05-19 7.8 CVE-2015-1846
MISC
MLIST
wpsymposium — wp_symposium SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI. 2015-05-15 7.5 CVE-2015-3325
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — safari The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the “Logjam” issue. 2015-05-20 4.3 CVE-2015-4000
CONFIRM
CONFIRM
MISC
MISC
MISC
MLIST
cacti — cacti SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. 2015-05-21 6.5 CVE-2015-0916
MISC
JVNDB
JVN
cisco — wireless_lan_controller_software The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. 2015-05-16 6.1 CVE-2015-0723
CISCO
cisco — wireless_lan_controller_software The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252. 2015-05-16 6.8 CVE-2015-0726
CISCO
cisco — secure_access_control_server Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. 2015-05-16 4.3 CVE-2015-0729
CISCO
cisco — wide_area_application_services The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645. 2015-05-16 5.0 CVE-2015-0730
CISCO
cisco — ios The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. 2015-05-15 6.1 CVE-2015-0731
CISCO
cisco — unified_customer_voice_portal Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. 2015-05-16 6.8 CVE-2015-0735
CISCO
cisco — mediasense Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. 2015-05-15 6.8 CVE-2015-0736
CISCO
cisco — web_security_appliance Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008. 2015-05-16 4.3 CVE-2015-0738
CISCO
cisco — firesight_system_software The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. 2015-05-18 4.0 CVE-2015-0739
CISCO
cisco — unified_intelligence_center Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. 2015-05-19 6.8 CVE-2015-0740
CISCO
cisco — hosted_collaboration_solution Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. 2015-05-21 6.8 CVE-2015-0741
CISCO
cisco — adaptive_security_appliance_software The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398. 2015-05-21 5.0 CVE-2015-0742
CISCO
cisco — secure_access_control_server The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. 2015-05-21 5.0 CVE-2015-0746
CISCO
concrete5 — concrete5 Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3) accessType parameter to index.php/tools/required/permissions/access_entity, (4) msCountry parameter to index.php/dashboard/system/multilingual/setup/load_icon, arHandle parameter to (5) design/submit or (6) design in index.php/ccm/system/dialogs/area/design/submit, (7) pageURL to index.php/dashboard/pages/single, (8) SEARCH_INDEX_AREA_METHOD parameter to index.php/dashboard/system/seo/searchindex/updated, (9) unit parameter to index.php/dashboard/system/optimization/jobs/job_scheduled, (10) register_notification_email parameter to index.php/dashboard/system/registration/open/1, or (11) PATH_INFO to index.php/dashboard/extend/connect/. 2015-05-15 4.3 CVE-2015-2250
CONFIRM
MISC
BUGTRAQ
FULLDISC
MISC
concrete5 — concrete5 Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors. 2015-05-15 4.3 CVE-2015-3989
CONFIRM
dcraw_project — dcraw Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. 2015-05-19 4.3 CVE-2015-3885
MISC
CONFIRM
CONFIRM
BID
BUGTRAQ
feedwordpress_project — feedwordpress SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php. 2015-05-21 6.5 CVE-2015-4018
CONFIRM
FULLDISC
google — chrome Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. 2015-05-20 6.8 CVE-2015-1251
CONFIRM
CONFIRM
MISC
google — chrome core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. 2015-05-20 5.0 CVE-2015-1254
CONFIRM
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. 2015-05-20 6.8 CVE-2015-1255
CONFIRM
CONFIRM
CONFIRM
google — chrome android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL’s fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. 2015-05-20 5.0 CVE-2015-1261
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. 2015-05-20 4.3 CVE-2015-1263
CONFIRM
CONFIRM
CONFIRM
google — chrome Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. 2015-05-20 4.3 CVE-2015-1264
CONFIRM
CONFIRM
huawei — seq_analyst XML external entity (XXE) in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. 2015-05-18 4.0 CVE-2015-2346
FULLDISC
huawei — webui Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. 2015-05-21 5.0 CVE-2015-3912
BID
CONFIRM
ibm — license_metric_tool The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-05-20 6.4 CVE-2014-8924
CONFIRM
ibm — websphere_mq The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records. 2015-05-20 4.0 CVE-2015-0189
CONFIRM
AIXAPAR
module-signature_project — module-signature Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. 2015-05-19 5.0 CVE-2015-3407
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTU
oscmax — oscmax Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php. 2015-05-20 4.3 CVE-2012-1664
CONFIRM
MISC
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
CONFIRM
BUGTRAQ
oscmax — oscmax Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php. 2015-05-20 6.8 CVE-2012-6691
MISC
CONFIRM
BUGTRAQ
rakus — maildealer Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. 2015-05-21 4.3 CVE-2015-0915
CONFIRM
JVNDB
JVN
realmd_project — realmd realmd allows remote attackers to inject arbitrary configurations into sssd.conf and smb.conf via a newline character in an LDAP response. 2015-05-18 5.0 CVE-2015-2704
CONFIRM
FEDORA
rockwell — automation_rslinx_classic Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file. 2015-05-16 6.9 CVE-2014-9204
MISC
MISC
seogento — seogento Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2015-05-20 4.3 CVE-2012-3243
BID
simple_php_agenda_project — simple_php_agenda Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/. 2015-05-21 6.8 CVE-2012-1978
MISC
MISC
MISC
OSVDB
synametrics — xeams Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an SMTP domain or (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration. 2015-05-20 6.8 CVE-2015-3141
EXPLOIT-DB
MISC
OSVDB
template_cms_project — template_cms Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. 2015-05-20 4.3 CVE-2012-4901
MISC
BID
OSVDB
template_cms_project — template_cms Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php. 2015-05-20 6.8 CVE-2012-4902
MISC
BID
OSVDB
valve — steam The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. 2015-05-20 5.0 CVE-2015-4016
CONFIRM
MISC
wppa.opajaap — wp-photo-album-plus Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action. 2015-05-21 4.3 CVE-2015-3647
CONFIRM
MISC
BUGTRAQ

Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
docker — docker Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. 2015-05-18 3.6 CVE-2015-3631
CONFIRM
FULLDISC
MISC
ibm — license_metric_tool IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. 2015-05-20 2.1 CVE-2014-4776
CONFIRM
ibm — websphere_commerce The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. 2015-05-19 2.1 CVE-2014-6211
CONFIRM
AIXAPAR
AIXAPAR
openstack — horizon Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. 2015-05-19 3.5 CVE-2015-3988
BID
MLIST
MLIST
piriform — ccleaner Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space. 2015-05-20 2.1 CVE-2015-3999
BID
FULLDISC
redhat — kexec-tools The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. 2015-05-19 3.6 CVE-2015-0267
REDHAT
squid-cache — squid Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, does not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. 2015-05-18 2.6 CVE-2015-3455
CONFIRM
SECTRACK
MANDRIVA
CONFIRM
