Original release date: May 11, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alienvault — unified_security_management | The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). | 2015-05-01 | 9.3 | CVE-2015-3446 CONFIRM MISC |
cisco — unified_computing_system_central_software | Cisco UCS Central Software 1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. | 2015-05-06 | 10.0 | CVE-2015-0701 CISCO |
emc — autostart | ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. | 2015-05-06 | 9.3 | CVE-2015-0538 CERT-VN BUGTRAQ |
google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-05-01 | 7.5 | CVE-2015-1250 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
realtek — realtek_sdk | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. | 2015-05-01 | 10.0 | CVE-2014-8361 MISC CONFIRM |
samsung — samsung_security_manager | Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. | 2015-05-01 | 10.0 | CVE-2015-3435 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — safari | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. | 2015-05-07 | 6.8 | CVE-2015-1152 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. | 2015-05-07 | 6.8 | CVE-2015-1153 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153. | 2015-05-07 | 6.8 | CVE-2015-1154 CONFIRM APPLE |
apple — safari | The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | 2015-05-07 | 4.3 | CVE-2015-1155 CONFIRM APPLE |
apple — safari | The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link’s target, and spoof the user interface, via a crafted web site. | 2015-05-07 | 4.3 | CVE-2015-1156 CONFIRM APPLE |
cisco — finesse | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595. | 2015-05-02 | 4.3 | CVE-2015-0714 CISCO |
cisco — unity_connection | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. | 2015-05-06 | 6.5 | CVE-2015-0715 CISCO |
cisco — unity_connection | Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. | 2015-05-06 | 6.8 | CVE-2015-0716 CISCO |
dell — sonicwall_secure_remote_access_firmware | Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark. | 2015-05-01 | 6.8 | CVE-2015-2248 CONFIRM MISC |
elasticsearch — elasticsearch | Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. | 2015-05-01 | 4.3 | CVE-2015-3337 CONFIRM BUGTRAQ DEBIAN |
emc — sourceone_email_management | EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2015-05-06 | 5.0 | CVE-2015-0531 BUGTRAQ |
foxitsoftware — enterprise_reader | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. | 2015-05-01 | 4.3 | CVE-2015-3632 EXPLOIT-DB CONFIRM MISC MISC |
foxitsoftware — enterprise_reader | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. | 2015-05-01 | 5.0 | CVE-2015-3633 CONFIRM |
haxx — curl | The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. | 2015-05-01 | 5.0 | CVE-2015-3153 UBUNTU DEBIAN CONFIRM |
ibm — db2 | IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities. | 2015-05-07 | 4.0 | CVE-2014-0919 CONFIRM AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — rational_license_key_server | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors. | 2015-05-07 | 4.0 | CVE-2015-1907 CONFIRM |
python — pillow | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. | 2015-05-01 | 5.0 | CVE-2014-3598 CONFIRM SUSE |
redhat — enterprise_virtualization_manager | Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. | 2015-05-01 | 6.8 | CVE-2015-0237 REDHAT |
siemens — homecontrol_for_room_automation | The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. | 2015-05-07 | 5.4 | CVE-2015-3610 CONFIRM |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
kozos — easyctf | Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-05-01 | 3.5 | CVE-2015-0913 JVNDB JVN CONFIRM |
redhat — enterprise_virtualization_manager | Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | 2015-05-01 | 2.1 | CVE-2015-0257 REDHAT |
This product is provided subject to this Notification and this Privacy & Use policy.