Original release date: June 08, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
arcserve — arcserve_unified_data_protection | Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet. | 2015-05-29 | 9.4 | CVE-2015-4068 MISC MISC CONFIRM |
arcserve — arcserve_unified_data_protection | The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method. | 2015-05-29 | 7.8 | CVE-2015-4069 MISC MISC CONFIRM |
avm — fritz!box | AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | 2015-05-29 | 10.0 | CVE-2014-9727 MISC OSVDB EXPLOIT-DB |
cisco — dta_control_system | Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315. | 2015-05-30 | 7.8 | CVE-2015-0744 CISCO |
cisco — unified_communications_manager | Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. | 2015-05-29 | 7.8 | CVE-2015-0751 CISCO |
cisco — finesse | Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. | 2015-05-29 | 7.5 | CVE-2015-0754 CISCO |
cisco — anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790. | 2015-06-04 | 7.2 | CVE-2015-0761 CISCO |
dell — netvault_backup | Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow. | 2015-05-29 | 10.0 | CVE-2015-4067 MISC |
fusionforge — fusionforge | The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. | 2015-06-02 | 10.0 | CVE-2015-0850 CONFIRM DEBIAN |
ibm — powervc | IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017. | 2015-05-30 | 7.5 | CVE-2015-1937 CONFIRM AIXAPAR |
ipsec-tools — ipsec-tools | racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. | 2015-05-29 | 7.8 | CVE-2015-4047 MISC SECTRACK BID MLIST MLIST DEBIAN FULLDISC FULLDISC MISC |
milw0rm_project — milw0rm_clone_script | SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. | 2015-05-29 | 7.5 | CVE-2015-4137 BID FULLDISC MISC |
netapp — oncommand_workflow_automation | The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. | 2015-05-31 | 10.0 | CVE-2015-3292 CONFIRM |
qemu — qemu | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | 2015-06-03 | 7.2 | CVE-2015-4106 CONFIRM |
sap — gui | Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | 2015-06-02 | 7.5 | CVE-2015-2282 BUGTRAQ MISC FULLDISC FULLDISC MISC |
sap — hana_web-based_development_workbench | SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | 2015-06-02 | 7.5 | CVE-2015-4159 FULLDISC |
sap — ase_database_platform | SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | 2015-06-02 | 7.5 | CVE-2015-4160 FULLDISC |
sap — afaria | SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, aka SAP Security Note 2155690. | 2015-06-02 | 7.5 | CVE-2015-4161 FULLDISC |
visual_mining — netcharts_server | Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors. | 2015-05-29 | 10.0 | CVE-2015-4031 MISC |
visual_mining — netcharts_server | projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors. | 2015-05-29 | 10.0 | CVE-2015-4032 MISC |
wavelink — terminal_emulation | Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header. | 2015-05-29 | 10.0 | CVE-2015-4059 MISC |
wavelink — connectpro | Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header. | 2015-05-29 | 10.0 | CVE-2015-4060 MISC |
wouter_verhelst — nbd | The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export. | 2015-05-29 | 7.8 | CVE-2013-7441 CONFIRM CONFIRM MLIST MLIST DEBIAN MLIST |
wouter_verhelst — nbd | nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. | 2015-05-29 | 7.8 | CVE-2015-0847 CONFIRM MLIST DEBIAN MLIST |
xen — xen | Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. | 2015-06-03 | 7.8 | CVE-2015-4104 CONFIRM |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — camel | XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource. | 2015-06-03 | 5.0 | CVE-2015-0263 CONFIRM CONFIRM SECTRACK REDHAT |
apache — camel | Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query. | 2015-06-03 | 5.0 | CVE-2015-0264 CONFIRM CONFIRM SECTRACK REDHAT |
apache — jackrabbit | XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request. | 2015-05-29 | 6.4 | CVE-2015-1833 EXPLOIT-DB CONFIRM BID CONFIRM MLIST |
apache — sling_api | Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. | 2015-06-02 | 4.3 | CVE-2015-2944 CONFIRM JVNDB JVN |
beckwithelectric — m-2001d_digital_tapchanger_control | Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | 2015-06-05 | 6.4 | CVE-2014-9201 MISC |
blue_coat — ssl_visibility_appliance_sv1800_firmware | Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators. | 2015-05-30 | 4.3 | CVE-2015-2852 CERT-VN CONFIRM |
blue_coat — ssl_visibility_appliance_sv1800_firmware | Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID. | 2015-05-30 | 6.8 | CVE-2015-2853 CERT-VN CONFIRM |
blue_coat — ssl_visibility_appliance_sv1800_firmware | The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element. | 2015-05-30 | 4.3 | CVE-2015-2854 CERT-VN CONFIRM |
blue_coat — ssl_visibility_appliance_sv1800_firmware | The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator’s cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138. | 2015-05-30 | 4.3 | CVE-2015-2855 CERT-VN CONFIRM |
blue_coat — ssl_visibility_appliance_sv1800_firmware | The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator’s cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855. | 2015-05-30 | 4.3 | CVE-2015-4138 CERT-VN CONFIRM |
cisco — headend_digital_broadband_delivery_system | CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580. | 2015-05-30 | 4.3 | CVE-2015-0733 CISCO |
cisco — headend_digital_broadband_delivery_system | Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097. | 2015-05-30 | 5.0 | CVE-2015-0743 CISCO |
cisco — headend_digital_broadband_delivery_system | Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909. | 2015-05-30 | 5.0 | CVE-2015-0745 CISCO |
cisco — videoscape_conductor | Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. | 2015-05-30 | 4.3 | CVE-2015-0747 CISCO |
cisco — telepresence_video_communication_server | Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635. | 2015-05-29 | 4.3 | CVE-2015-0752 CISCO |
cisco — unified_web_and_e-mail_interaction_manager | SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028. | 2015-05-29 | 6.8 | CVE-2015-0753 CISCO |
cisco — anyconnect_secure_mobility_client | The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797. | 2015-05-29 | 6.8 | CVE-2015-0755 CISCO |
cisco — wireless_lan_controller | Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. | 2015-05-29 | 6.1 | CVE-2015-0756 CISCO |
cisco — identity_services_engine_software | The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140. | 2015-05-29 | 5.0 | CVE-2015-0757 CISCO |
cisco — unified_meetingplace | The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452. | 2015-05-30 | 4.0 | CVE-2015-0758 CISCO |
cisco — headend_digital_broadband_delivery_system | Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. | 2015-06-02 | 6.8 | CVE-2015-0759 CISCO |
cisco — adaptive_security_appliance_software | The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. | 2015-06-04 | 4.0 | CVE-2015-0760 CISCO |
cisco — unified_meetingplace | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. | 2015-06-04 | 4.3 | CVE-2015-0762 CISCO |
cisco — unified_meetingplace | Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. | 2015-06-04 | 5.0 | CVE-2015-0763 CISCO |
cisco — unified_meetingplace | Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. | 2015-06-04 | 5.0 | CVE-2015-0764 CISCO |
cisco — ons_15454_system_software | Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263. | 2015-06-04 | 5.0 | CVE-2015-0765 CISCO |
cisco — firesight_system_software | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196. | 2015-06-04 | 4.3 | CVE-2015-0766 CISCO |
djangoproject — django | The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key. | 2015-06-02 | 5.0 | CVE-2015-3982 CONFIRM |
emc — rsa_web_threat_detection | Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. | 2015-06-05 | 6.8 | CVE-2015-0541 BUGTRAQ |
f21 — jwt | JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. | 2015-06-05 | 5.0 | CVE-2015-2951 CONFIRM JVNDB JVN |
hp — smart_zero_core | Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors. | 2015-06-05 | 6.8 | CVE-2015-2124 HP |
ibm — infosphere_master_data_management_server | Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. | 2015-06-02 | 6.5 | CVE-2015-1945 CONFIRM |
ids — nc854 | Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file. | 2015-05-31 | 6.8 | CVE-2015-3939 MISC |
moodle — moodle | mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service. | 2015-06-01 | 4.0 | CVE-2015-0211 CONFIRM MLIST CONFIRM |
moodle — moodle | Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims. | 2015-06-01 | 6.8 | CVE-2015-0213 CONFIRM MLIST CONFIRM |
moodle — moodle | message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request. | 2015-06-01 | 4.0 | CVE-2015-0214 CONFIRM MLIST CONFIRM |
moodle — moodle | calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. | 2015-06-01 | 4.0 | CVE-2015-0215 CONFIRM MLIST CONFIRM |
moodle — moodle | filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. | 2015-06-01 | 6.8 | CVE-2015-0217 CONFIRM MLIST CONFIRM |
moodle — moodle | Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. | 2015-06-01 | 6.8 | CVE-2015-0218 CONFIRM MLIST CONFIRM |
moodle — moodle | Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. | 2015-06-01 | 6.8 | CVE-2015-1493 CONFIRM MLIST MLIST CONFIRM CONFIRM |
moodle — moodle | message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL. | 2015-06-01 | 4.0 | CVE-2015-2266 CONFIRM MLIST CONFIRM |
moodle — moodle | mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. | 2015-06-01 | 4.0 | CVE-2015-2267 CONFIRM MLIST CONFIRM |
moodle — moodle | filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. | 2015-06-01 | 6.8 | CVE-2015-2268 CONFIRM MLIST CONFIRM |
moodle — moodle | lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors. | 2015-06-01 | 4.3 | CVE-2015-2270 CONFIRM MLIST CONFIRM |
moodle — moodle | tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the “Flag as inappropriate” feature. | 2015-06-01 | 4.0 | CVE-2015-2271 CONFIRM MLIST CONFIRM |
moodle — moodle | login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token. | 2015-06-01 | 4.0 | CVE-2015-2272 CONFIRM MLIST CONFIRM |
moodle — moodle | Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header. | 2015-06-01 | 5.8 | CVE-2015-3175 CONFIRM MLIST CONFIRM |
moodle — moodle | The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register. | 2015-06-01 | 4.3 | CVE-2015-3176 CONFIRM MLIST CONFIRM |
moodle — moodle | lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. | 2015-06-01 | 4.0 | CVE-2015-3180 CONFIRM MLIST CONFIRM |
moodle — moodle | files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked. | 2015-06-01 | 4.0 | CVE-2015-3181 CONFIRM MLIST CONFIRM |
moxa — softcms | Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. | 2015-06-05 | 6.8 | CVE-2015-1000 MISC MISC |
open_explorer_beta_project — open_explorer_beta | Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. | 2015-06-05 | 6.4 | CVE-2015-2950 JVNDB MISC JVN |
paloaltonetworks — pan-os | XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. | 2015-06-02 | 4.0 | CVE-2015-4162 CONFIRM |
parityrate — roomcloud | Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) end_day, (6) end_month, (7) end_year, (8) lang, (9) adults, or (10) children parameter. | 2015-05-29 | 4.3 | CVE-2015-3904 CONFIRM CONFIRM BID FULLDISC MISC |
rockwellautomation — rsview32 | Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack. | 2015-05-31 | 4.9 | CVE-2015-1010 MISC MISC |
sap — gui | The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | 2015-06-02 | 5.0 | CVE-2015-2278 BUGTRAQ MISC FULLDISC FULLDISC MISC |
sap — hana | The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | 2015-05-29 | 4.0 | CVE-2015-3994 BUGTRAQ MISC FULLDISC MISC |
sap — hana | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | 2015-05-29 | 4.0 | CVE-2015-3995 BUGTRAQ MISC FULLDISC MISC |
sap — content_server | SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | 2015-06-02 | 5.0 | CVE-2015-4157 FULLDISC |
sap — netweaver_abap_application_server | SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | 2015-06-02 | 5.0 | CVE-2015-4158 FULLDISC |
sendio — sendio | Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header. | 2015-06-02 | 5.0 | CVE-2014-0999 CONFIRM BUGTRAQ EXPLOIT-DB FULLDISC MISC |
sendio — sendio | The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users’ sessions via a large number of requests. | 2015-06-02 | 4.0 | CVE-2014-8391 EXPLOIT-DB CONFIRM BUGTRAQ FULLDISC MISC |
sensiolabs — symfony | FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment. | 2015-06-02 | 4.3 | CVE-2015-4050 DEBIAN CONFIRM |
synology — cloud_station | client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. | 2015-05-30 | 6.8 | CVE-2015-2851 CONFIRM CERT-VN |
thycotic — password_manager_secret_server | The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2015-06-02 | 5.8 | CVE-2015-4094 MISC |
wpmembership — wpmembership | The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php. | 2015-06-03 | 6.5 | CVE-2015-4038 BUGTRAQ BUGTRAQ MISC |
xen — xen | Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. | 2015-06-03 | 4.9 | CVE-2015-4103 CONFIRM |
xen — xen | Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. | 2015-06-03 | 4.9 | CVE-2015-4105 CONFIRM |
xzeres — 442sr_os | Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request. | 2015-06-05 | 6.8 | CVE-2015-3950 MISC |
zenphoto — zenphoto | Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-05-31 | 4.3 | CVE-2015-2948 CONFIRM JVNDB JVN |
zenphoto — zenphoto | Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-05-31 | 4.3 | CVE-2015-2949 JVNDB JVN |
zeromq — zeromq | libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | 2015-06-03 | 4.3 | CVE-2014-9721 CONFIRM CONFIRM DEBIAN |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
gnu — parallel | GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | 2015-06-02 | 3.6 | CVE-2015-4155 MLIST MLIST |
gnu — parallel | GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | 2015-06-02 | 3.6 | CVE-2015-4156 SUSE MLIST MLIST |
ibm — rational_doors_next_generation | IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation. | 2015-05-30 | 3.7 | CVE-2015-0121 CONFIRM |
ibm — business_process_manager | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition. | 2015-05-30 | 3.5 | CVE-2015-0193 CONFIRM AIXAPAR |
ibm — websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors. | 2015-05-29 | 2.1 | CVE-2015-0200 CONFIRM AIXAPAR AIXAPAR |
moodle — moodle | Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary. | 2015-06-01 | 3.5 | CVE-2015-0212 CONFIRM MLIST CONFIRM |
moodle — moodle | access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. | 2015-06-01 | 3.5 | CVE-2015-0216 CONFIRM MLIST CONFIRM |
moodle — moodle | Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element. | 2015-06-01 | 3.5 | CVE-2015-2269 CONFIRM MLIST CONFIRM |
moodle — moodle | Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response. | 2015-06-01 | 3.5 | CVE-2015-2273 CONFIRM MLIST CONFIRM |
moodle — moodle | mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading. | 2015-06-01 | 3.5 | CVE-2015-3174 CONFIRM MLIST CONFIRM |
moodle — moodle | Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. | 2015-06-01 | 3.5 | CVE-2015-3177 CONFIRM MLIST CONFIRM |
moodle — moodle | Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services. | 2015-06-01 | 3.5 | CVE-2015-3178 CONFIRM MLIST CONFIRM |
moodle — moodle | login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account. | 2015-06-01 | 3.5 | CVE-2015-3179 CONFIRM MLIST CONFIRM |