Category Archives: Uncategorized

SB15-327: Vulnerability Summary for the Week of November 16, 2015

Original release date: November 23, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — premiere_clip The Adobe Premiere Clip app before 1.2.1 for iOS mishandles unspecified input, which has unknown impact and attack vectors. 2015-11-18 10.0 CVE-2015-8051
CONFIRM
arista — eos Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716. 2015-11-19 10.0 CVE-2015-8236
CONFIRM
cisco — aironet_access_point_software Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attackers to cause a denial of service (CPU consumption) by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374. 2015-11-13 7.8 CVE-2015-6367
CISCO
cisco — firepower_extensible_operating_system The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. 2015-11-18 7.2 CVE-2015-6370
CISCO
dameware — mini_remote_control Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. 2015-11-17 7.5 CVE-2015-8220
CONFIRM
MISC
dracut_project — dracut modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. 2015-11-19 7.2 CVE-2015-0794
SUSE
MLIST
MLIST
exemys — telemetry_web_server Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body. 2015-11-19 7.8 CVE-2015-7910
MISC
ffmpeg — ffmpeg The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. 2015-11-16 7.5 CVE-2015-8216
CONFIRM
ffmpeg — ffmpeg The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. 2015-11-16 7.5 CVE-2015-8217
CONFIRM
ffmpeg — ffmpeg The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. 2015-11-16 7.5 CVE-2015-8219
CONFIRM
google — picasa Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow. 2015-11-17 10.0 CVE-2015-8221
BUGTRAQ
MISC
MISC
huawei — espace_firmware An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows remote attackers to cause a denial of service (out-of-bounds memory access and device restart) via unknown vectors. 2015-11-19 7.8 CVE-2015-8083
CONFIRM
ibm — websphere_portal IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. 2015-11-13 7.8 CVE-2015-7419
CONFIRM
AIXAPAR
mega-nerd — libsndfile Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. 2015-11-17 9.3 CVE-2015-7805
EXPLOIT-DB
MLIST
MLIST
MISC
MISC
SUSE
FEDORA
oracle — weblogic_server The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product. 2015-11-18 7.5 CVE-2015-4852
MISC
CONFIRM
CONFIRM
MLIST
MISC
piwik — piwik Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. 2015-11-16 7.5 CVE-2015-7815
CONFIRM
BUGTRAQ
FULLDISC
MISC
MISC
piwik — piwik The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0, which allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header. 2015-11-16 7.5 CVE-2015-7816
CONFIRM
BUGTRAQ
FULLDISC
MISC
MISC
samsung — galaxy_s6 The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file. 2015-11-16 7.5 CVE-2015-7897
EXPLOIT-DB
MISC
MISC
MISC
schneider-electric — imt25_magnetic_flow_dtm Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HART reply. 2015-11-14 7.7 CVE-2015-3977
MISC
CONFIRM
sudo_project — sudo sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by “/home/*/*/file.txt.” 2015-11-17 7.2 CVE-2015-5602
EXPLOIT-DB
CONFIRM
FEDORA
FEDORA
CONFIRM

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — coldfusion Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue. 2015-11-18 4.3 CVE-2015-5255
CONFIRM
CONFIRM
adobe — coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053. 2015-11-18 4.3 CVE-2015-8052
CONFIRM
adobe — coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052. 2015-11-18 4.3 CVE-2015-8053
CONFIRM
apache — cxf The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a “wrapping attack.” 2015-11-18 4.0 CVE-2015-5253
CONFIRM
SECTRACK
MLIST
CONFIRM
atutor — atutor Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/. 2015-11-16 6.5 CVE-2014-9752
BUGTRAQ
CONFIRM
FULLDISC
MISC
MISC
atutor — atutor Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter. 2015-11-16 6.5 CVE-2015-7712
BUGTRAQ
FULLDISC
MISC
MISC
bastian_allgeier — kirby Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension. 2015-11-19 6.5 CVE-2015-7773
CONFIRM
JVNDB
JVN
blackberry — enterprise_server The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a “cross frame scripting” issue. 2015-11-19 4.3 CVE-2015-4112
CONFIRM
canonical — ubuntu_linux The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. 2015-11-17 4.6 CVE-2015-8222
UBUNTU
CONFIRM
CONFIRM
cisco — prime_collaboration_assurance Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. 2015-11-18 6.8 CVE-2015-6330
CISCO
cisco — firesight_system_software The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444. 2015-11-18 6.8 CVE-2015-6357
CISCO
cisco — videoscape_distribution_suite_service_manager Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960. 2015-11-13 5.0 CVE-2015-6364
CISCO
cisco — ios Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303. 2015-11-13 4.0 CVE-2015-6365
CISCO
cisco — firepower_extensible_operating_system Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. 2015-11-18 5.0 CVE-2015-6368
CISCO
cisco — firepower_extensible_operating_system The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531. 2015-11-18 4.9 CVE-2015-6369
CISCO
cisco — firepower_extensible_operating_system Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621. 2015-11-18 4.0 CVE-2015-6371
CISCO
cisco — firepower_extensible_operating_system Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614. 2015-11-18 4.3 CVE-2015-6372
CISCO
cisco — firepower_extensible_operating_system Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. 2015-11-18 6.8 CVE-2015-6373
CISCO
cisco — firepower_extensible_operating_system The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604. 2015-11-18 4.3 CVE-2015-6374
CISCO
citrix — netscaler_application_delivery_controller_firmware The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache. 2015-11-17 5.0 CVE-2015-7996
CONFIRM
citrix — netscaler_application_delivery_controller_firmware Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-11-17 4.3 CVE-2015-7997
CONFIRM
citrix — netscaler_application_delivery_controller_firmware The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. 2015-11-17 5.0 CVE-2015-7998
CONFIRM
d-link — dir-816l_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. 2015-11-18 6.8 CVE-2015-5999
BUGTRAQ
FULLDISC
MISC
CONFIRM
ffmpeg — ffmpeg The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data. 2015-11-16 6.8 CVE-2015-8218
CONFIRM
gentoo — libsndfile The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. 2015-11-19 5.0 CVE-2014-9756
CONFIRM
CONFIRM
MLIST
MLIST
SUSE
gnome — networkmanager GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. 2015-11-17 5.0 CVE-2015-0272
CONFIRM
BID
CONFIRM
gnu — gcc The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. 2015-11-17 5.0 CVE-2015-5276
CONFIRM
CONFIRM
SUSE
horde — groupware Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php. 2015-11-19 6.8 CVE-2015-7984
MISC
DEBIAN
MLIST
MLIST
MLIST
huawei — espace_firmware The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets. 2015-11-19 5.0 CVE-2015-7845
CONFIRM
huawei — ne_router_software Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to other VPNs and conduct flooding attacks via a crafted MPLS forwarding packet, aka a “VPN routing and forwarding (VRF) hopping vulnerability.” 2015-11-19 5.0 CVE-2015-8087
CONFIRM
ibm — datapower_gateway IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. 2015-11-13 5.0 CVE-2015-7427
CONFIRM
AIXAPAR
ipsilon_project — ipsilon providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name. 2015-11-17 4.0 CVE-2015-5217
CONFIRM
CONFIRM
CONFIRM
MLIST
ipsilon_project — ipsilon providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP). 2015-11-17 5.5 CVE-2015-5301
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
linux — linux_kernel The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a “double-chroot attack.” 2015-11-16 6.9 CVE-2015-2925
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux — linux_kernel drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. 2015-11-16 4.9 CVE-2015-5257
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. 2015-11-16 4.9 CVE-2015-5307
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. 2015-11-16 4.4 CVE-2015-7312
MLIST
MLIST
linux — linux_kernel The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. 2015-11-16 4.7 CVE-2015-8104
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. 2015-11-16 5.0 CVE-2015-8215
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
newphoria_corporation — applican Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID that is encountered by an applican application, a different vulnerability than CVE-2015-7772. 2015-11-19 4.3 CVE-2015-7771
JVNDB
JVN
CONFIRM
newphoria_corporation — applican Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers WebView anchor attachment in an applican application, a different vulnerability than CVE-2015-7771. 2015-11-19 4.3 CVE-2015-7772
JVNDB
JVN
CONFIRM
open-xchange — ox_guard Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not properly handled in “Guard PGP Settings.” 2015-11-19 4.3 CVE-2015-7385
CONFIRM
MISC
pc-egg — pwebmanager PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. 2015-11-13 6.5 CVE-2015-7774
CONFIRM
JVNDB
JVN
powerdns — authoritative PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. 2015-11-17 5.0 CVE-2015-5311
CONFIRM
SECTRACK
MLIST
strongswan — strongswan The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. 2015-11-18 5.0 CVE-2015-8023
CONFIRM
UBUNTU
DEBIAN
tibco — loglogic_unity The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request. 2015-11-18 4.0 CVE-2015-8090
CONFIRM
CONFIRM
uc_profile_project — uc_profile The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors. 2015-11-17 4.3 CVE-2015-8232
MISC
CONFIRM
wireshark — wireshark The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. 2015-11-14 4.3 CVE-2015-7830
CONFIRM
CONFIRM
CONFIRM
xen — xen The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptable hypercall to the multicall interface. 2015-11-17 4.9 CVE-2015-7812
CONFIRM
SECTRACK
xmlsoft — libxml2 libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. 2015-11-18 4.3 CVE-2015-7941
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
xmlsoft — libxml2 The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. 2015-11-18 6.8 CVE-2015-7942
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
xmlsoft — libxslt The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a “type confusion” issue. 2015-11-17 5.0 CVE-2015-7995
CONFIRM
CONFIRM
BID
MLIST
MLIST

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — apple_remote_desktop The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. 2015-11-13 3.7 CVE-2013-5229
JVNDB
JVN
CONFIRM
emc — vplex_geosynchrony The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. 2015-11-18 2.1 CVE-2015-6847
BUGTRAQ
ibm — tivoli_storage_flashcopy_manager IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output. 2015-11-13 1.9 CVE-2015-7404
CONFIRM
AIXAPAR
linux — linux_kernel The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. 2015-11-16 2.1 CVE-2015-7872
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mayo_project — mayo Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the “Administer themes” permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings. 2015-11-17 2.6 CVE-2015-8233
MISC
CONFIRM
CONFIRM
networkmanager_project — networkmanager The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922. 2015-11-16 3.3 CVE-2015-2924
MLIST
xmlsoft — libxml2 The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. 2015-11-18 2.6 CVE-2015-8035
CONFIRM
UBUNTU
MLIST
MLIST
MLIST

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

ClipperCMS 1.3.0: SQL Injection

Posted by Curesec Research Team (CRT) on Nov 14

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: ClipperCMS 1.3.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.clippercms.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to public: 11/13/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Overview…

ClipperCMS 1.3.0: SQL Injection

Posted by Curesec Research Team (CRT) on Nov 14

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: ClipperCMS 1.3.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.clippercms.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to public: 11/13/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Overview…

ClipperCMS 1.3.0: SQL Injection

Posted by Curesec Research Team (CRT) on Nov 14

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: ClipperCMS 1.3.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.clippercms.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to public: 11/13/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Overview…