Original release date: February 23, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco — desktop_collaboration_experience_dx650 | The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. | 2015-02-19 | 7.2 | CVE-2015-0584 |
cisco — ios | Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752. | 2015-02-15 | 7.1 | CVE-2015-0609 XF SECTRACK BID |
cisco — telepresence_mcu_4500_series_software | Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347. | 2015-02-17 | 7.8 | CVE-2015-0621 XF SECTRACK BID |
cisco — wireless_lan_controller | The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861. | 2015-02-18 | 7.1 | CVE-2015-0622 |
elasticsearch — elasticsearch | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. | 2015-02-17 | 7.5 | CVE-2015-1427 XF BID BUGTRAQ MISC |
emc — documentum_d2 | The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions. | 2015-02-14 | 9.0 | CVE-2015-0518 XF SECTRACK BID BUGTRAQ |
google — android | Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values. | 2015-02-15 | 10.0 | CVE-2015-1474 CONFIRM |
infoblox — netmri | Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request. | 2015-02-20 | 10.0 | CVE-2015-2033 MISC MISC |
lexmark — markvision_enterprise | Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. | 2015-02-16 | 9.0 | CVE-2014-9375 MISC |
lg — on-screen_phone | LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. | 2015-02-17 | 8.3 | CVE-2014-8757 XF BID BID BUGTRAQ FULLDISC MISC |
maarch — gec/ged | Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/. | 2015-02-19 | 7.5 | CVE-2015-1587 EXPLOIT-DB MISC OSVDB MISC |
mit — kerberos | The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind. | 2015-02-19 | 9.0 | CVE-2014-5352 CONFIRM CONFIRM |
mit — kerberos | The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. | 2015-02-19 | 9.0 | CVE-2014-9421 CONFIRM CONFIRM |
motorola — motorola_scanner_sdk | Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. | 2015-02-16 | 7.2 | CVE-2015-1496 MISC MISC MISC |
persistent_systems — radia_client_automation | radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. | 2015-02-16 | 10.0 | CVE-2015-1497 MISC |
persistent_systems — radia_client_automation | Persistent Systems Radia Client Automation does not properly restrict access to certain requests, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or have other unspecified impact. | 2015-02-16 | 10.0 | CVE-2015-1498 MISC |
powerpc-utils_project — powerpc-utils | scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. | 2015-02-19 | 10.0 | CVE-2014-8165 CONFIRM XF BID MLIST |
samsung — samsung_security_manager | The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | 2015-02-16 | 8.5 | CVE-2015-1499 XF MISC |
sixapart — movabletype | Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. | 2015-02-19 | 7.5 | CVE-2015-1592 XF BID MLIST MLIST |
softsphere — defensewall_personal_firewall | The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call. | 2015-02-19 | 7.2 | CVE-2015-1515 OSVDB EXPLOIT-DB |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adminsystems_cms_project — adminsystems_cms | Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php. | 2015-02-19 | 4.3 | CVE-2015-1603 CONFIRM BID MLIST MLIST MLIST MISC MISC FULLDISC MISC |
adminsystems_cms_project — adminsystems_cms | Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/. | 2015-02-19 | 6.5 | CVE-2015-1604 CONFIRM BID MLIST MLIST MLIST MISC FULLDISC MISC |
almail — al-mail32 | Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment. | 2015-02-20 | 5.8 | CVE-2015-0878 |
almail — al-mail32 | CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. | 2015-02-20 | 4.3 | CVE-2015-0879 |
almail — al-mail32 | Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. | 2015-02-20 | 6.8 | CVE-2015-0880 |
apache — tomcat | java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | 2015-02-15 | 6.4 | CVE-2014-0227 CONFIRM CONFIRM CONFIRM BUGTRAQ |
apple — cups | Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. | 2015-02-19 | 6.8 | CVE-2014-9679 CONFIRM BID MLIST MLIST |
cisco — adaptive_security_appliance_software | Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533. | 2015-02-16 | 4.0 | CVE-2014-8023 XF SECTRACK BID |
cisco — asr_5000_series_software | Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393. | 2015-02-17 | 5.0 | CVE-2015-0617 XF SECTRACK |
cisco — telepresence_management_suite | The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494. | 2015-02-17 | 4.0 | CVE-2015-0620 XF SECTRACK |
cisco — web_security_appliance | Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627. | 2015-02-18 | 4.3 | CVE-2015-0623 |
cisco — hosted_collaboration_solution | The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. | 2015-02-18 | 4.3 | CVE-2015-0626 |
cisco — web_security_appliance | The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. | 2015-02-19 | 5.0 | CVE-2015-0628 |
e2fsprogs_project — e2fsprogs | Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. | 2015-02-17 | 4.6 | CVE-2015-0247 MISC CONFIRM XF BID BUGTRAQ MANDRIVA MISC FEDORA CONFIRM |
easing_slider — easing_slider | Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php. | 2015-02-16 | 4.3 | CVE-2015-1436 MISC XF BID BUGTRAQ MISC |
ektron — ektron_content_management_system | The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue. | 2015-02-13 | 5.0 | CVE-2015-0923 CERT-VN |
ektron — ektron_content_management_system | Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a “resource injection” issue. | 2015-02-13 | 6.8 | CVE-2015-0931 CERT-VN |
emc — documentum_d2 | The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. | 2015-02-14 | 4.0 | CVE-2015-0517 XF SECTRACK BID BUGTRAQ |
exponentcms — exponent_cms | Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) “First Name” or (4) “Last Name” field to users/edituser. | 2015-02-19 | 4.3 | CVE-2014-8690 XF EXPLOIT-DB MISC OSVDB OSVDB CONFIRM |
fancybox_project — fancybox | The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the mfbfw parameter in an update action to wp-admin/admin-post.php, as exploited in the wild in February 2015. | 2015-02-17 | 4.3 | CVE-2015-1494 MISC CONFIRM BID MLIST MISC |
fastcgi — fcgi | FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. | 2015-02-19 | 5.0 | CVE-2012-6687 CONFIRM CONFIRM CONFIRM XF MLIST MLIST |
fatfreecrm — fat_free_crm | Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account. | 2015-02-19 | 6.8 | CVE-2015-1585 CONFIRM XF BUGTRAQ MISC |
google — email | The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a “Content-Disposition: ;” header in an e-mail message. | 2015-02-15 | 5.0 | CVE-2015-1574 BUGTRAQ FULLDISC MISC MLIST MLIST MISC |
google_doc_embedder — google_doc_embedder | Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php. | 2015-02-19 | 4.3 | CVE-2015-1879 BID MISC |
hp — universal_configuration_management_database | HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. | 2015-02-15 | 5.0 | CVE-2014-7883 SECTRACK |
ibm — curam_social_program_management | Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page. | 2015-02-13 | 4.3 | CVE-2014-4804 XF |
ibm — tivoli_endpoint_manager | Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-15 | 4.3 | CVE-2014-6113 XF |
ibm — tivoli_endpoint_manager | Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-15 | 4.3 | CVE-2014-6137 XF BID |
ibm — change_and_configuration_management_database | Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname. | 2015-02-16 | 4.0 | CVE-2014-6194 XF |
ibm — content_navigator | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. | 2015-02-13 | 4.3 | CVE-2014-8911 XF |
ibm — change_and_configuration_management_database | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109. | 2015-02-17 | 4.3 | CVE-2015-0108 XF |
image_metadata_cruncher_project — image_metadata_cruncher | Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page. | 2015-02-19 | 6.8 | CVE-2015-1614 XF BUGTRAQ BUGTRAQ MISC |
instantasp — instantforum | Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to (1) Join.aspx or (2) Logon.aspx. | 2015-02-19 | 4.3 | CVE-2014-9468 MISC FULLDISC |
isc — bind | named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. | 2015-02-18 | 5.4 | CVE-2015-1349 |
kallithea — kallithea | RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method. | 2015-02-16 | 4.0 | CVE-2015-0260 XF BID MLIST |
mcafee — data_loss_prevention_endpoint | SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. | 2015-02-17 | 6.5 | CVE-2015-1616 |
mcafee — data_loss_prevention_endpoint | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | 2015-02-17 | 4.0 | CVE-2015-1618 |
mit — kerberos | MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. | 2015-02-20 | 5.0 | CVE-2014-5355 CONFIRM |
mit — kerberos | The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial “kadmind” substring, as demonstrated by a “ka/x” principal. | 2015-02-19 | 6.1 | CVE-2014-9422 CONFIRM CONFIRM |
mit — kerberos | The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. | 2015-02-19 | 5.0 | CVE-2014-9423 CONFIRM CONFIRM |
motorola — motorola_scanner_sdk | Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. | 2015-02-16 | 6.8 | CVE-2015-1495 MISC MISC |
mylittleforum — my_little_forum | Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php. | 2015-02-16 | 6.5 | CVE-2015-1434 MISC XF BID BUGTRAQ MISC |
mylittleforum — my_little_forum | Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php. | 2015-02-16 | 4.3 | CVE-2015-1435 MISC XF BID BUGTRAQ MISC |
open-xchange — open-xchange_appsuite | Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the “folder identifier.” | 2015-02-17 | 4.0 | CVE-2014-9466 XF SECTRACK BID BUGTRAQ MISC |
pivotal — spring_framework | Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. | 2015-02-19 | 5.0 | CVE-2014-3578 REDHAT REDHAT CONFIRM |
pnmsoft — sequence_kinetics | Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-19 | 4.3 | CVE-2014-6301 MISC |
pnmsoft — sequence_kinetics | The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-02-19 | 5.0 | CVE-2014-6302 MISC |
pnmsoft — sequence_kinetics | The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 2015-02-19 | 5.0 | CVE-2014-6303 MISC |
pnmsoft — sequence_kinetics | The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. | 2015-02-19 | 5.0 | CVE-2014-6304 MISC |
redhat — jboss_enterprise_application_platform | The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | 2015-02-13 | 4.0 | CVE-2014-7849 XF SECTRACK |
redhat — jboss_enterprise_application_platform | The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. | 2015-02-13 | 4.0 | CVE-2014-7853 XF SECTRACK |
redhat — jboss_weld | Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. | 2015-02-13 | 4.3 | CVE-2014-8122 CONFIRM CONFIRM CONFIRM MISC XF SECTRACK |
rhodecode — rhodecode_enterprise | RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method. | 2015-02-16 | 4.0 | CVE-2015-1613 |
siemens — simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user’s privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | 2015-02-17 | 4.4 | CVE-2015-1356 |
siemens — wincc | The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. | 2015-02-17 | 5.0 | CVE-2015-1358 |
solarwinds — server_and_application_monitor | Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. | 2015-02-16 | 6.8 | CVE-2015-1500 MISC |
solarwinds — server_and_application_monitor | The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allows remote attackers to execute arbitrary code via a UNC path to a crafted binary. | 2015-02-16 | 6.8 | CVE-2015-1501 MISC |
squid-cache — squid | CRLF injection vulnerability in Squid before 3.1.10 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. | 2015-02-20 | 4.3 | CVE-2015-0881 |
tibco — activematrix_management_agent | The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors. | 2015-02-18 | 6.4 | CVE-2014-5286 CONFIRM |
topline_systems — opportunity_form | Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors. | 2015-02-15 | 4.0 | CVE-2015-1608 |
x.org — xorg-server | X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. | 2015-02-13 | 6.4 | CVE-2015-0255 DEBIAN |
xen — xen | The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register. | 2015-02-16 | 4.9 | CVE-2015-0268 XF SECTRACK BID |
zarafa — webapp | senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. | 2015-02-19 | 5.0 | CVE-2014-9465 CONFIRM CONFIRM MLIST MLIST MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
d-bus_project — d-bus | D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. | 2015-02-13 | 1.9 | CVE-2015-0245 MLIST DEBIAN |
emc — captiva_capture | The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. | 2015-02-14 | 2.1 | CVE-2015-0519 XF MISC BUGTRAQ |
gnu — cpio | cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. | 2015-02-19 | 1.9 | CVE-2015-1197 MLIST MISC BID MLIST MLIST |
ibm — change_and_configuration_management_database | IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation. | 2015-02-16 | 2.1 | CVE-2014-6102 XF |
ibm — flex_system_manager | IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors. | 2015-02-18 | 2.1 | CVE-2014-6147 XF AIXAPAR |
ibm — tivoli_storage_manager | The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors. | 2015-02-13 | 1.9 | CVE-2014-6195 XF |
ibm — change_and_configuration_management_database | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108. | 2015-02-17 | 3.5 | CVE-2015-0109 XF |
mcafee — data_loss_prevention_endpoint | Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-17 | 3.5 | CVE-2015-1617 |
mcafee — email_gateway | Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 7.5.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. | 2015-02-17 | 3.5 | CVE-2015-1619 |
okb.co.jp — smartphone_passbook | The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file. | 2015-02-14 | 1.8 | CVE-2015-0875 |
phusion — passenger | Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. | 2015-02-19 | 2.1 | CVE-2014-1831 CONFIRM CONFIRM CONFIRM MLIST MLIST FEDORA |
phusion — passenger | Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831. | 2015-02-19 | 2.1 | CVE-2014-1832 CONFIRM CONFIRM CONFIRM MLIST MLIST FEDORA |
redhat — jboss_enterprise_application_platform | The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | 2015-02-13 | 3.5 | CVE-2014-7827 XF SECTRACK |
siemens — simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. | 2015-02-17 | 2.1 | CVE-2015-1355 |
webform_prepopulate_block_project — webform_prepopulate_block | Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-17 | 3.5 | CVE-2015-1621 MLIST |
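The cpio entry (CVE-2015-1197) describes an archive-extraction symlink attack: stripping leading slashes with --no-absolute-filenames does not help when the archive first creates a symlink inside the extraction tree and then a regular file at that same path, because a naive extractor opens the path for writing and follows the link. The audit below is an added example, not code from cpio or the bulletin. It uses Python's tarfile as a stand-in for the cpio format (an assumption; Python has no cpio module), walks the entries in archive order as an extractor would, and reports every regular file whose write would be redirected outside the extraction directory. The archives MALICIOUS and BENIGN are constructed inline.

```python
import io
import posixpath
import tarfile


def build_archive(entries):
    """Constructed in-memory tar archive standing in for a cpio archive.
    entries: (kind, name, payload); kind is "symlink" (payload = link target)
    or "file" (payload = file contents)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for kind, name, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tf.addfile(info)
            else:
                data = payload.encode()
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def escapes(path):
    """True if a path relative to the extraction directory lands outside it."""
    return posixpath.isabs(path) or path == ".." or path.startswith("../")


def resolve(name, symlinks, depth=0):
    """Where a write to `name` really lands, given the symlink entries the
    archive has already asked the extractor to create. Paths are relative to
    the extraction directory; only links seen earlier in the archive count."""
    if depth > 40:
        raise ValueError("symlink chain too deep: %s" % name)
    parts = posixpath.normpath(name).split("/")
    cur = ""
    for i, part in enumerate(parts):
        cand = posixpath.join(cur, part) if cur else part
        if cand in symlinks:
            target = symlinks[cand]
            rest = "/".join(parts[i + 1:])
            if not posixpath.isabs(target):
                target = posixpath.normpath(
                    posixpath.join(posixpath.dirname(cand), target))
            new = posixpath.join(target, rest) if rest else target
            if posixpath.isabs(new):
                return posixpath.normpath(new)  # already outside the tree
            return resolve(new, symlinks, depth + 1)
        cur = cand
    return cur


def audit(archive):
    """Model an extractor that creates symlink entries and then opens regular
    files for writing with plain open(2). Leading slashes are stripped the way
    --no-absolute-filenames does; the symlink trick is unaffected by that.
    Returns [(entry name, real write destination)] for escaping writes."""
    findings = []
    symlinks = {}
    with tarfile.open(fileobj=io.BytesIO(archive)) as tf:
        for member in tf:
            name = posixpath.normpath(member.name).lstrip("/")
            if member.issym():
                symlinks[name] = member.linkname
            elif member.isreg():
                dest = resolve(name, symlinks)
                if escapes(dest):
                    findings.append((name, dest))
    return findings


# Constructed samples. The first pair is the pattern from the cpio entry:
# a symlink, then a regular file at the same path.
MALICIOUS = build_archive([
    ("symlink", "etc/motd", "/etc/motd"),
    ("file", "etc/motd", "owned\n"),
    ("symlink", "up", "../../outside"),
    ("file", "up/cron", "* * * * * id\n"),
])
BENIGN = build_archive([
    ("symlink", "current", "v2"),
    ("file", "v2/app.conf", "x=1\n"),
    ("file", "current/notes", "ok\n"),  # resolves to v2/notes, still inside
])

if __name__ == "__main__":
    for label, arc in (("malicious", MALICIOUS), ("benign", BENIGN)):
        print(label, audit(arc))
```

The check is ordering-sensitive on purpose: a link entry only matters for files that come after it, which is exactly how a one-pass extractor behaves. A fixed extractor avoids the whole class by creating files with O_EXCL (or O_NOFOLLOW) instead of a plain open for writing.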
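The two Phusion Passenger entries (CVE-2014-1831 and CVE-2014-1832) are the other common shape of symlink attack: a service writes a predictable file such as control_process.pid in a directory a local user can also write to, and the user plants a symlink there first. The script below is an added example, not Passenger's code, showing the naive open beside a hardened one. It assumes a POSIX system with O_NOFOLLOW (Linux or BSD); the scenario is built in a temporary directory so it runs offline.

```python
import errno
import os
import tempfile


def naive_write(path, data):
    """The vulnerable pattern: open a fixed path for writing. open() follows
    whatever currently sits at `path`, including an attacker's symlink."""
    with open(path, "w") as fh:
        fh.write(data)


def safe_create(path, data, mode=0o644):
    """Hardened form: create the file only if nothing exists at `path` and
    never follow a symlink. O_EXCL fails with EEXIST on any existing entry
    (a symlink too, even a dangling one); O_NOFOLLOW covers the non-creating
    path. Returns True on success, False if something was already planted."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, mode)
    except FileExistsError:
        return False
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.EMLINK):  # symlink refused
            return False
        raise
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return True


def demo():
    """Constructed scenario: an attacker plants control_process.pid as a
    symlink to a file they could not otherwise write. Returns
    (naive_clobbered_victim, safe_refused, victim_untouched_after_safe,
    safe_ok_on_clean_path)."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")
        with open(victim, "w") as fh:
            fh.write("original\n")
        pidfile = os.path.join(d, "control_process.pid")
        os.symlink(victim, pidfile)

        naive_write(pidfile, "4242\n")
        with open(victim) as fh:
            naive_clobbered = fh.read() == "4242\n"

        with open(victim, "w") as fh:  # reset, then try the hardened open
            fh.write("original\n")
        safe_refused = not safe_create(pidfile, "4242\n")
        with open(victim) as fh:
            untouched = fh.read() == "original\n"

        os.unlink(pidfile)  # no symlink planted: hardened open must succeed
        fresh_ok = safe_create(pidfile, "4242\n")
        with open(pidfile) as fh:
            fresh_ok = fresh_ok and fh.read() == "4242\n"
    return naive_clobbered, safe_refused, untouched, fresh_ok


if __name__ == "__main__":
    print(demo())
```

O_EXCL is what makes the fix robust against the race in the original report: the check and the create are a single open(2) call, so there is no window between "nothing is there" and "write it" for an attacker to fill.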