ECI Blog @WordPress

Latest news from the ECI Networks Group

(SB15-040) Vulnerability Summary for the Week of February 2, 2015

Original release date: February 09, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info
adobe — acrobat CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. 2015-01-30 9.3 CVE-2014-9161
Source & Patch Info: MISC
adobe — flash_player Unspecified vulnerability in Adobe Flash Player through 13.0.0.264 and 14.x, 15.x, and 16.x through 16.0.0.296 on Windows and OS X and through 11.2.202.440 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in February 2015. 2015-02-02 10.0 CVE-2015-0313
Source & Patch Info: SECTRACK, BID, SECUNIA
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. 2015-02-05 10.0 CVE-2015-0314
adobe — flash_player Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322. 2015-02-05 10.0 CVE-2015-0315
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. 2015-02-05 10.0 CVE-2015-0316
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-0319. 2015-02-05 10.0 CVE-2015-0317
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. 2015-02-05 10.0 CVE-2015-0318
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-0317. 2015-02-05 10.0 CVE-2015-0319
adobe — flash_player Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0322. 2015-02-05 10.0 CVE-2015-0320
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0329, and CVE-2015-0330. 2015-02-05 10.0 CVE-2015-0321
adobe — flash_player Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320. 2015-02-05 10.0 CVE-2015-0322
adobe — flash_player Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0327. 2015-02-05 10.0 CVE-2015-0323
adobe — flash_player Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors. 2015-02-05 10.0 CVE-2015-0324
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0326 and CVE-2015-0328. 2015-02-05 10.0 CVE-2015-0325
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328. 2015-02-05 10.0 CVE-2015-0326
adobe — flash_player Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323. 2015-02-05 10.0 CVE-2015-0327
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0326. 2015-02-05 10.0 CVE-2015-0328
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0330. 2015-02-05 10.0 CVE-2015-0329
adobe — flash_player Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0329. 2015-02-05 10.0 CVE-2015-0330
apple — apple_tv Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. 2015-01-30 10.0 CVE-2014-4480
apple — apple_tv FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file. 2015-01-30 7.5 CVE-2014-4484
apple — apple_tv Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. 2015-01-30 7.5 CVE-2014-4485
apple — apple_tv IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app. 2015-01-30 10.0 CVE-2014-4486
apple — apple_tv Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. 2015-01-30 10.0 CVE-2014-4487
apple — apple_tv IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. 2015-01-30 10.0 CVE-2014-4488
apple — apple_tv IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. 2015-01-30 10.0 CVE-2014-4489
apple — apple_tv libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. 2015-01-30 7.5 CVE-2014-4492
Source & Patch Info: MISC, APPLE
apple — iphone_os The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. 2015-01-30 7.5 CVE-2014-4493
apple — apple_tv The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. 2015-01-30 10.0 CVE-2014-4495
apple — mac_os_x Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. 2015-01-30 10.0 CVE-2014-4497
apple — mac_os_x coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. 2015-01-30 10.0 CVE-2014-8817
Source & Patch Info: MISC
apple — mac_os_x The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821. 2015-01-30 7.2 CVE-2014-8819
apple — mac_os_x The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821. 2015-01-30 7.2 CVE-2014-8820
apple — mac_os_x The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820. 2015-01-30 7.2 CVE-2014-8821
apple — mac_os_x IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method. 2015-01-30 10.0 CVE-2014-8822
apple — mac_os_x The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. 2015-01-30 10.0 CVE-2014-8824
apple — mac_os_x The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors. 2015-01-30 7.2 CVE-2014-8825
apple — mac_os_x Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. 2015-01-30 7.5 CVE-2014-8828
Source & Patch Info: XF
apple — mac_os_x SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. 2015-01-30 7.5 CVE-2014-8829
Source & Patch Info: XF
apple — mac_os_x The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary’s Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an “XPC type confusion” issue. 2015-01-30 10.0 CVE-2014-8835
Source & Patch Info: MISC, XF, BID, EXPLOIT-DB
apple — mac_os_x The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. 2015-01-30 10.0 CVE-2014-8836
Source & Patch Info: XF, SECTRACK, MISC
apple — mac_os_x Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. 2015-01-30 10.0 CVE-2014-8837
Source & Patch Info: XF
arubanetworks — instant_access_point_firmware Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface. 2015-02-03 7.8 CVE-2015-1348
avg — internet_security The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call. 2015-02-06 7.2 CVE-2014-9632
Source & Patch Info: OSVDB, MISC, EXPLOIT-DB, MISC
bluecoat — proxyclient Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate. 2015-02-02 7.1 CVE-2015-1454
Source & Patch Info: SECUNIA
clamav — clamav ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a “heap out of bounds condition.” 2015-02-03 7.5 CVE-2014-9328
Source & Patch Info: BID, SECTRACK, SECUNIA, SECUNIA, FEDORA, FEDORA
clamav — clamav ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda’s crypter or (2) mew packer file, related to a “heap out of bounds condition.” 2015-02-03 7.5 CVE-2015-1461
Source & Patch Info: SECTRACK, SECUNIA, FEDORA, FEDORA
clamav — clamav ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a “heap out of bounds condition.” 2015-02-03 7.5 CVE-2015-1462
Source & Patch Info: SECTRACK, SECUNIA, FEDORA, FEDORA
cmsjunkie — j-classifiedsmanager SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads. 2015-02-04 7.5 CVE-2015-1477
Source & Patch Info: EXPLOIT-DB, MISC, OSVDB
comodo — backup The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. 2015-02-03 7.5 CVE-2014-9633
Source & Patch Info: EXPLOIT-DB, MISC, CONFIRM
content_rating_extbase_project — content_rating_extbase SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-02-03 7.5 CVE-2015-1405
Source & Patch Info: BID, MLIST, MLIST
content_rating_project — content_rating SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-02-03 7.5 CVE-2015-1403
Source & Patch Info: BID, MLIST, MLIST
cybozu — remote_service_manager Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1983. 2015-02-01 7.8 CVE-2014-7266
ecommercemajor_project — ecommercemajor Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php. 2015-02-04 7.5 CVE-2015-1476
Source & Patch Info: EXPLOIT-DB, MISC, OSVDB, OSVDB
fluxbb — fluxbb Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter. 2015-02-03 9.3 CVE-2014-9574
Source & Patch Info: MISC, XF
fortinet — fortios The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages. 2015-02-02 7.8 CVE-2015-1452
Source & Patch Info: MISC, FULLDISC
fortinet — fortiauthenticator Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. 2015-02-03 7.5 CVE-2015-1455
Source & Patch Info: BID, MISC, MISC
freebsd — freebsd Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 10.1 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access. 2015-02-02 7.2 CVE-2014-0998
Source & Patch Info: BUGTRAQ, MISC, FULLDISC
freebsd — freebsd The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk. 2015-02-02 7.8 CVE-2014-8613
Source & Patch Info: SECTRACK, BID
google — chrome Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. 2015-02-06 7.5 CVE-2015-1209
Source & Patch Info: CONFIRM, CONFIRM
google — chrome The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. 2015-02-06 7.5 CVE-2015-1211
Source & Patch Info: CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-02-06 7.5 CVE-2015-1212
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
huawei — quidway_firmware Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. 2015-02-03 7.5 CVE-2015-1460
i-o_data_device — np-bbrm I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. 2015-02-01 7.8 CVE-2015-0869
ibm — tivoli_monitoring IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands. 2015-02-01 8.5 CVE-2014-6141
Source & Patch Info: XF
netapp — oncommand_balance NetApp OnCommand Balance before 4.2P2 contains a “default privileged account,” which allows remote attackers to gain privileges via unspecified vectors. 2015-02-06 10.0 CVE-2014-9353
npds — revolution SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. 2015-02-03 7.5 CVE-2015-1400
Source & Patch Info: MISC, MISC
pexip — pexip_infinity Pexip Infinity before 8 uses the same SSH host keys across different customers’ installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys. 2015-02-03 7.1 CVE-2014-8779
Source & Patch Info: BID, BUGTRAQ, MISC
piwigo — piwigo SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-02-03 7.5 CVE-2015-1441
Source & Patch Info: BID, SECUNIA
restaurantbiller — restaurant_biller SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php. 2015-02-02 7.5 CVE-2015-1450
Source & Patch Info: MISC
schneider-electric — somachine Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. 2015-02-01 7.5 CVE-2014-9200
sefrengo — sefrengo Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php. 2015-02-03 7.5 CVE-2015-1428
Source & Patch Info: MISC, MISC, BUGTRAQ, MISC, EXPLOIT-DB
servision — hvg_video_gateway_firmware time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. 2015-02-03 10.0 CVE-2015-0929
servision — hvg_video_gateway_firmware The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session. 2015-02-03 10.0 CVE-2015-0930
servision — hvg_video_gateway_firmware time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930. 2015-02-03 9.0 CVE-2015-1469
shiromuku — bu2_bbs Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS before 2.91 allows remote attackers to execute arbitrary code by uploading an executable file. 2015-02-01 7.5 CVE-2015-0868
siemens — ruggedcom_firmware The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. 2015-02-02 10.0 CVE-2015-1448
siemens — ruggedcom_firmware Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. 2015-02-02 10.0 CVE-2015-1449
symantec — encryption_management_server Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action. 2015-01-31 9.0 CVE-2014-7288
Source & Patch Info: BID
zohocorp — manageengine_opmanager Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. 2015-02-04 7.5 CVE-2014-7864
Source & Patch Info: CONFIRM, MISC, XF, BUGTRAQ, FULLDISC, MISC

Medium Vulnerabilities

Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info
ansible — tower Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account. 2015-02-04 6.5 CVE-2015-1481
Source & Patch Info: MISC, BUGTRAQ, EXPLOIT-DB, FULLDISC, MISC
ansible — tower Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/. 2015-02-04 5.0 CVE-2015-1482
Source & Patch Info: MISC, BUGTRAQ, EXPLOIT-DB, FULLDISC, MISC
apache — qpid Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. 2015-02-02 5.0 CVE-2015-0223
Source & Patch Info: BID, BUGTRAQ, MISC
apple — iphone_os WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site. 2015-01-30 4.3 CVE-2014-4467
apple — apple_tv WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479. 2015-01-30 6.8 CVE-2014-4476
apple — apple_tv WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479. 2015-01-30 6.8 CVE-2014-4477
apple — apple_tv WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477. 2015-01-30 6.8 CVE-2014-4479
apple — apple_tv Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. 2015-01-30 6.8 CVE-2014-4481
apple — apple_tv Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document. 2015-01-30 6.8 CVE-2014-4483
apple — apple_tv The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. 2015-01-30 5.0 CVE-2014-4491
apple — iphone_os Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app. 2015-01-30 6.8 CVE-2014-4494
apple — mac_os_x The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the “Thunderstrike” issue. 2015-01-30 4.9 CVE-2014-4498
MISC
apple — mac_os_x CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document. 2015-01-30 6.8 CVE-2014-8816
apple — mac_os_x The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument. 2015-01-30 4.7 CVE-2014-8823
MISC
apple — mac_os_x LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. 2015-01-30 5.0 CVE-2014-8826
BUGTRAQ
FULLDISC
apple — mac_os_x Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. 2015-01-30 6.8 CVE-2014-8830
XF
apple — mac_os_x security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. 2015-01-30 5.0 CVE-2014-8831
XF
apple — mac_os_x The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. 2015-01-30 4.9 CVE-2014-8832
XF
apple — mac_os_x The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. 2015-01-30 4.3 CVE-2014-8838
XF
apple — mac_os_x Spotlight in Apple OS X before 10.10.2 does not enforce the Mail “Load remote content in messages” configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image’s URL. 2015-01-30 5.0 CVE-2014-8839
XF
MISC
SECTRACK
MISC
apple — iphone_os The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. 2015-01-30 6.8 CVE-2014-8840
MISC
XF
asus — rt-ac56s ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. 2015-02-01 6.5 CVE-2014-7269
asus — rt-ac56s Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. 2015-02-01 6.8 CVE-2014-7270
asus — rt-n10+d1_firmware Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm. 2015-02-04 4.3 CVE-2015-1437
XF
XF
BID
BUGTRAQ
BUGTRAQ
BUGTRAQ
MISC
banner_effect_header_project — banner_effect_header Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid parameter in the BannerEffectOptions page to wp-admin/options-general.php. 2015-02-03 4.3 CVE-2015-1384
MISC
BUGTRAQ
FULLDISC
blubrry — powerpress_podcasting Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php. 2015-02-02 4.3 CVE-2015-1385
MISC
BID
BUGTRAQ
FULLDISC
MISC
cisco — nx-os The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. 2015-02-03 4.9 CVE-2014-8013
cisco — anyconnect_secure_mobility_client Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149. 2015-02-03 4.3 CVE-2014-8021
cisco — webex_meetings_server The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. 2015-02-01 5.0 CVE-2015-0595
SECTRACK
BID
SECUNIA
cisco — webex_meetings_server Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. 2015-02-01 6.8 CVE-2015-0596
SECTRACK
BID
SECUNIA
cisco — webex_meetings_server The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. 2015-02-01 5.0 CVE-2015-0597
SECTRACK
BID
cisco — unified_computing_system The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a “cross-frame scripting (XFS)” issue, aka Bug ID CSCuf50138. 2015-02-03 4.3 CVE-2015-0599
clamav — clamav ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an “incorrect compiler optimization.” 2015-02-03 5.0 CVE-2015-1463
FEDORA
FEDORA
cmsjunkie — j-classifiedsmanager Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds. 2015-02-04 4.3 CVE-2015-1478
EXPLOIT-DB
MISC
OSVDB
content_rating_extbase_project — content_rating_extbase Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-03 4.3 CVE-2015-1404
BID
MLIST
MLIST
content_rating_project — content_rating Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-03 4.3 CVE-2015-1402
BID
MLIST
MLIST
emc — unisphere_central Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. 2015-02-01 5.8 CVE-2015-0512
SECTRACK
BID
BUGTRAQ
fortinet — forticlient The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. 2015-02-02 5.0 CVE-2015-1453
MISC
FULLDISC
fortinet — fortiauthenticator Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. 2015-02-03 4.0 CVE-2015-1456
BID
MISC
MISC
fortinet — fortiauthenticator Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. 2015-02-03 4.9 CVE-2015-1457
XF
BID
MISC
MISC
fortinet — fortiauthenticator Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the “shell” command. 2015-02-03 6.9 CVE-2015-1458
XF
BID
MISC
MISC
fortinet — fortiauthenticator Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. 2015-02-03 4.3 CVE-2015-1459
XF
BID
MISC
MISC
freebsd — freebsd Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. 2015-02-02 4.6 CVE-2014-8612
SECTRACK
BID
BUGTRAQ
MISC
FULLDISC
geo_mashup_project — geo_mashup Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key. 2015-02-02 4.3 CVE-2015-1383
MLIST
FULLDISC
google — chrome The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 2015-02-06 5.0 CVE-2015-1210
CONFIRM
CONFIRM
hp — sitescope Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. 2015-02-01 5.5 CVE-2014-7882
ibm — security_appscan IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. 2015-02-01 5.0 CVE-2014-6136
XF
ibm — integration_bus The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault. 2015-02-01 5.0 CVE-2014-6170
XF
ibm — security_appscan IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2015-02-01 5.8 CVE-2014-8918
XF
labtech_software — labtech Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. 2015-01-31 6.8 CVE-2015-0926
landesk — landesk_management_suite Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx. 2015-02-03 4.3 CVE-2014-5360
FULLDISC
libmspack_project — libmspack Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. 2015-02-03 5.0 CVE-2014-9556
CONFIRM
MLIST
MLIST
SECUNIA
SUSE
linux — linux_kernel Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox. 2015-02-06 6.9 CVE-2014-5332
MISC
m2_technologies — optimalsite Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 OptimalSite 0.1 and 2.4 allows remote attackers to inject arbitrary web script or HTML via the image parameter. 2015-02-04 4.3 CVE-2014-9562
MISC
FULLDISC
manageengine — supportcenter_plus Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do. 2015-02-02 4.3 CVE-2015-0866
MISC
BID
BUGTRAQ
manageengine — servicedesk_plus ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp. 2015-02-04 4.0 CVE-2015-1480
BID
BUGTRAQ
MISC
EXPLOIT-DB
MISC
OSVDB
mozilla — bugzilla Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name. 2015-02-01 6.5 CVE-2014-8630
mylittleforum — mylittleforum Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php. 2015-02-04 4.3 CVE-2015-1475
MISC
FULLDISC
nishishi — fumy_news_clipper Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-31 4.3 CVE-2015-0870
owncloud — owncloud The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network. 2015-02-04 4.3 CVE-2014-5341
owncloud — owncloud The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks. 2015-02-04 6.8 CVE-2014-9041
owncloud — owncloud The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. 2015-02-04 5.0 CVE-2014-9043
owncloud — owncloud Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack. 2015-02-04 5.0 CVE-2014-9044
owncloud — owncloud The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password. 2015-02-04 5.0 CVE-2014-9045
owncloud — owncloud The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. 2015-02-04 5.0 CVE-2014-9046
owncloud — owncloud Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors. 2015-02-04 4.3 CVE-2014-9047
owncloud — owncloud The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API. 2015-02-04 5.0 CVE-2014-9048
owncloud — owncloud The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method. 2015-02-04 4.0 CVE-2014-9049
privoxy — privoxy jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. 2015-02-03 5.0 CVE-2015-1380
MLIST
MLIST
CONFIRM
privoxy — privoxy Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. 2015-02-03 5.0 CVE-2015-1381
MLIST
MLIST
DEBIAN
SECUNIA
CONFIRM
CONFIRM
privoxy — privoxy parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. 2015-02-03 5.0 CVE-2015-1382
MLIST
MLIST
DEBIAN
SECUNIA
CONFIRM
CONFIRM
qpr — portal Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field. 2015-01-31 4.3 CVE-2014-8266
qpr — portal Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter. 2015-01-31 4.3 CVE-2014-8267
qpr — portal QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. 2015-01-31 6.4 CVE-2014-8268
roundcube — webmail program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email. 2015-02-03 4.3 CVE-2015-1433
BID
MLIST
MLIST
CONFIRM
siemens — scalance_x-200_series_firmware The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. 2015-02-02 6.8 CVE-2015-1049
siemens — ruggedcom_firmware Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. 2015-02-02 5.0 CVE-2015-1357
snipsnap — snipsnap Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search. 2015-02-03 4.3 CVE-2014-9559
MISC
FULLDISC
symantec — encryption_management_server The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header. 2015-01-31 5.0 CVE-2014-7287
BID
vmware — vsphere_data_protection VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 does not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. 2015-01-31 4.3 CVE-2014-4632
web-dorado — photo_gallery SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php. 2015-02-02 6.5 CVE-2015-1393
CONFIRM
BUGTRAQ
zohocorp — manageengine_desktop_central Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do. 2015-02-04 6.8 CVE-2014-9331
BID
BUGTRAQ
EXPLOIT-DB
MISC
zohocorp — servicedesk_plus SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. 2015-02-04 6.5 CVE-2015-1479
BID
MISC
EXPLOIT-DB
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — mac_os_x The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. 2015-01-30 2.1 CVE-2014-4499
apple — mac_os_x LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen. 2015-01-30 2.1 CVE-2014-8827
XF
apple — mac_os_x SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users’ protected files via a Spotlight query. 2015-01-30 2.1 CVE-2014-8833
XF
apple — mac_os_x UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document’s password in a printing preference file, which allows local users to obtain sensitive information by reading a file. 2015-01-30 2.1 CVE-2014-8834
fortinet — fortios Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request. 2015-02-02 3.5 CVE-2015-1451
MISC
FULLDISC
owncloud — owncloud Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041. 2015-02-04 3.5 CVE-2014-9042
puppetlabs — rabbitmq puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter. 2015-02-03 2.1 CVE-2014-9568

(SB15-040) Vulnerability Summary for the Week of February 2, 2015 was originally published on Blogg'n @ ECI

February 14, 2015 - Posted by | IT Security, NewsUpdate, Security Alerts, Security Issues, US-CERT