ECI Blog @WordPress

Latest news from the ECI Networks Group

SB15-075 Vulnerability Summary for the Week of March 9, 2015

Original release date: March 16, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info
agilent_technologies — feature_extraction The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to “Index Out-Of-Bounds.” 2015-03-09 7.5 CVE-2015-2092
MISC
ajsquare — zeuscart Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/. 2015-03-10 7.5 CVE-2015-2183
MISC
BID
EXPLOIT-DB
MISC
MLIST
MLIST
FULLDISC
MISC
apache — standard_taglibs Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. 2015-03-09 7.5 CVE-2015-0254
BID
MISC
MLIST
apple — apple_tv IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages “type confusion” during serialized-object handling. 2015-03-12 9.3 CVE-2015-1061
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. 2015-03-12 7.8 CVE-2015-1063
CONFIRM
APPLE
apple — mac_os_x Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. 2015-03-12 10.0 CVE-2015-1066
CONFIRM
APPLE
avinu — phpmoadmin The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. 2015-03-12 7.5 CVE-2015-2208
MLIST
MLIST
EXPLOIT-DB
FULLDISC
MISC
bestpractical — request_tracker The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email. 2015-03-09 7.1 CVE-2014-9472
DEBIAN
CONFIRM
betster_project — betster Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php. 2015-03-12 7.5 CVE-2015-2237
BUGTRAQ
MISC
cisco — expressway_software The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192. 2015-03-12 7.8 CVE-2015-0652
CISCO
cisco — expressway_software The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556. 2015-03-12 10.0 CVE-2015-0653
CISCO
cisco — intrusion_prevention_system Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652. 2015-03-12 7.1 CVE-2015-0654
CISCO
emc — rsa_certificate_manager EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header. 2015-03-12 7.8 CVE-2015-0523
BUGTRAQ
emc — secure_remote_services SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-03-12 7.5 CVE-2015-0524
BUGTRAQ
emc — secure_remote_services The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2015-03-12 7.5 CVE-2015-0525
BUGTRAQ
google — chrome The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation. 2015-03-08 7.5 CVE-2015-1213
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation. 2015-03-08 7.5 CVE-2015-1214
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation. 2015-03-08 7.5 CVE-2015-1215
CONFIRM
BID
REDHAT
CONFIRM
google — chrome Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment. 2015-03-08 7.5 CVE-2015-1216
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage “type confusion.” 2015-03-08 7.5 CVE-2015-1217
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp. 2015-03-08 7.5 CVE-2015-1218
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering. 2015-03-08 7.5 CVE-2015-1219
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink’s main thread, related to the shutdown function in web/WebKit.cpp. 2015-03-08 7.5 CVE-2015-1221
CONFIRM
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions. 2015-03-08 7.5 CVE-2015-1222
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions. 2015-03-08 7.5 CVE-2015-1223
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used. 2015-03-08 7.5 CVE-2015-1227
CONFIRM
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence. 2015-03-08 7.5 CVE-2015-1228
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers “type confusion.” 2015-03-08 7.5 CVE-2015-1230
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-03-08 7.5 CVE-2015-1231
CONFIRM
REDHAT
CONFIRM
google — chrome Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212. 2015-03-08 7.5 CVE-2015-1232
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-03-08 7.5 CVE-2015-2238
CONFIRM
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512. 2015-03-09 10.0 CVE-2014-7888
HP
SECTRACK
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2×20 Display monitors, Retail Integrated 2×20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511. 2015-03-09 10.0 CVE-2014-7889
HP
SECTRACK
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510. 2015-03-09 10.0 CVE-2014-7890
HP
SECTRACK
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509. 2015-03-09 10.0 CVE-2014-7891
HP
SECTRACK
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508. 2015-03-09 10.0 CVE-2014-7892
HP
SECTRACK
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2507. 2015-03-09 10.0 CVE-2014-7893
HP
SECTRACK
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506. 2015-03-09 10.0 CVE-2014-7894
HP
SECTRACK
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505. 2015-03-09 10.0 CVE-2014-7895
HP
SECTRACK
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated Barcode scanners, Wireless Barcode scanners, and 2D Value Wireless scanners. 2015-03-09 10.0 CVE-2014-7897
HP
SECTRACK
hp — ole_point_of_sale_driver The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors. 2015-03-09 10.0 CVE-2014-7898
HP
SECTRACK
ibm — java_sdk Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. 2015-03-06 10.0 CVE-2014-8891
CONFIRM
CONFIRM
CONFIRM
SUSE
SUSE
SUSE
ibm — java_sdk Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. 2015-03-06 7.8 CVE-2014-8892
CONFIRM
CONFIRM
CONFIRM
SUSE
SUSE
SUSE
microsoft — internet_explorer vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 8 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “VBScript Memory Corruption Vulnerability.” 2015-03-11 9.3 CVE-2015-0032
MS
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1623 and CVE-2015-1626. 2015-03-11 9.3 CVE-2015-0056
MS
microsoft — windows_7 The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka “Registry Virtualization Elevation of Privilege Vulnerability.” 2015-03-11 7.2 CVE-2015-0073
MS
microsoft — windows_2003_server The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka “Impersonation Level Check Elevation of Privilege Vulnerability.” 2015-03-11 7.2 CVE-2015-0075
MS
microsoft — windows_8 win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate the token of a calling thread, which allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” 2015-03-11 7.2 CVE-2015-0078
MS
microsoft — windows_7 The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (memory consumption and RDP outage) by establishing many RDP sessions that do not properly free allocated memory, aka “Remote Desktop Protocol (RDP) Denial of Service Vulnerability.” 2015-03-11 7.8 CVE-2015-0079
MS
microsoft — windows_2003_server Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka “WTS Remote Code Execution Vulnerability.” 2015-03-11 9.3 CVE-2015-0081
MS
microsoft — excel Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Component Use After Free Vulnerability.” 2015-03-11 9.3 CVE-2015-0085
MS
microsoft — office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, and Web Apps Server 2013 Gold and SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-03-11 9.3 CVE-2015-0086
MS
microsoft — windows_7 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka “Adobe Font Driver Remote Code Execution Vulnerability,” a different vulnerability than CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093. 2015-03-11 9.3 CVE-2015-0088
MS
microsoft — windows_7 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka “Adobe Font Driver Remote Code Execution Vulnerability,” a different vulnerability than CVE-2015-0088, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093. 2015-03-11 9.3 CVE-2015-0090
MS
microsoft — windows_7 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka “Adobe Font Driver Remote Code Execution Vulnerability,” a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0092, and CVE-2015-0093. 2015-03-11 9.3 CVE-2015-0091
MS
microsoft — windows_7 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka “Adobe Font Driver Remote Code Execution Vulnerability,” a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093. 2015-03-11 9.3 CVE-2015-0092
MS
microsoft — windows_7 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka “Adobe Font Driver Remote Code Execution Vulnerability,” a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0092. 2015-03-11 9.3 CVE-2015-0093
MS
microsoft — windows_7 Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka “DLL Planting Remote Code Execution Vulnerability.” 2015-03-11 9.3 CVE-2015-0096
MS
microsoft — excel Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Word Local Zone Remote Code Execution Vulnerability.” 2015-03-11 9.3 CVE-2015-0097
MS
microsoft — internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-03-11 9.3 CVE-2015-0099
MS
microsoft — internet_explorer Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-03-11 9.3 CVE-2015-0100
MS
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-03-11 9.3 CVE-2015-1622
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0056 and CVE-2015-1626. 2015-03-11 9.3 CVE-2015-1623
MS
microsoft — internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-03-11 9.3 CVE-2015-1624
MS
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1634. 2015-03-11 9.3 CVE-2015-1625
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0056 and CVE-2015-1623. 2015-03-11 9.3 CVE-2015-1626
MS
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1625. 2015-03-11 9.3 CVE-2015-1634
MS
nvidia — gpu_driver_r304 The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a “kernel administrator check,” which allows local users to gain administrator privileges via unspecified API calls. 2015-03-06 7.2 CVE-2015-1170
CONFIRM
palosanto — elastix SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter. 2015-03-11 7.5 CVE-2015-1875
MISC
ptc — creo_view Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. 2015-03-09 7.5 CVE-2015-2061
MISC
MISC
siemens — spc4000_firmware Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. 2015-03-06 7.8 CVE-2014-9369
CONFIRM
siemens — simatic_s7-300_cpu Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. 2015-03-06 7.8 CVE-2015-2177
CONFIRM
solarwinds — orion_ip_address_manager Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint. 2015-03-10 7.5 CVE-2014-9566
MISC
CONFIRM
EXPLOIT-DB
MISC
FULLDISC
MISC
OSVDB
theforeman — foreman Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. 2015-03-09 7.5 CVE-2014-3691
CONFIRM
CONFIRM
REDHAT
REDHAT
CONFIRM
ubuntu — upstart The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/. 2015-03-12 7.2 CVE-2015-2285
CONFIRM
MISC
FULLDISC
MISC
webgate — webgate_embedded_standard_protocol_sdk Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control. 2015-03-09 7.5 CVE-2015-2097
MISC
MISC
MISC
FULLDISC
webgateinc — winrds Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function. 2015-03-09 7.5 CVE-2015-2094
MISC
MISC
MISC
MISC
webshophun — webshop_hun Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. 2015-03-09 7.5 CVE-2015-2242
MISC
FULLDISC
MISC
webshophun — webshop_hun Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. 2015-03-09 7.5 CVE-2015-2243
MISC
FULLDISC
MISC
xen — xen The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. 2015-03-12 7.2 CVE-2015-2151
CONFIRM

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ajsquare — zeuscart Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php. 2015-03-11 4.3 CVE-2010-5322
MISC
BID
EXPLOIT-DB
MISC
MISC
MISC
MLIST
FULLDISC
MISC
OSVDB
ajsquare — zeuscart Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322. 2015-03-11 4.3 CVE-2015-2182
MISC
BID
EXPLOIT-DB
MISC
MISC
MISC
MLIST
MLIST
FULLDISC
MISC
OSVDB
ajsquare — zeuscart ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. 2015-03-10 5.0 CVE-2015-2184
MISC
BID
EXPLOIT-DB
MISC
MLIST
MLIST
FULLDISC
MISC
apache — http_server The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. 2015-03-07 5.0 CVE-2015-0228
CONFIRM
CONFIRM
apache — mod-gnutls The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when “GnuTLSClientVerify require” is set, which allows remote attackers to spoof clients via a crafted certificate. 2015-03-13 5.0 CVE-2015-2091
CONFIRM
DEBIAN
MISC
apple — apple_tv MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. 2015-03-12 5.0 CVE-2015-1062
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. 2015-03-12 5.4 CVE-2015-1065
CONFIRM
CONFIRM
APPLE
APPLE
apple — apple_tv Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. 2015-03-10 5.0 CVE-2015-1067
CONFIRM
CONFIRM
CONFIRM
MISC
APPLE
APPLE
APPLE
bestpractical — request_tracker RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. 2015-03-09 5.0 CVE-2015-1165
DEBIAN
CONFIRM
bestpractical — request_tracker RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. 2015-03-09 6.4 CVE-2015-1464
DEBIAN
CONFIRM
cfdbplugin — contact_form_db Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php. 2015-03-09 6.8 CVE-2015-1874
CONFIRM
MISC
FULLDISC
MISC
djangoproject — django Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property. 2015-03-12 4.3 CVE-2015-2241
CONFIRM
CONFIRM
emc — rsa_certificate_manager Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter. 2015-03-12 4.3 CVE-2015-0522
BUGTRAQ
fedoraproject — 389_directory_server 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the “cn=changelog” LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors. 2015-03-10 5.0 CVE-2014-8105
REDHAT
REDHAT
CONFIRM
CONFIRM
fedoraproject — 389_directory_server 389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores “unhashed” passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog. 2015-03-10 4.0 CVE-2014-8112
CONFIRM
REDHAT
CONFIRM
CONFIRM
google — chrome content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231. 2015-03-08 5.0 CVE-2011-5319
CONFIRM
CONFIRM
MISC
CONFIRM
MISC
google — chrome content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device’s physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231. 2015-03-08 5.0 CVE-2014-9689
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image. 2015-03-08 6.8 CVE-2015-1220
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data. 2015-03-08 5.0 CVE-2015-1224
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. 2015-03-08 5.0 CVE-2015-1225
CONFIRM
BID
REDHAT
CONFIRM
google — chrome The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension. 2015-03-08 5.0 CVE-2015-1226
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. 2015-03-08 5.0 CVE-2015-1229
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
google — chrome Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the “1993 search” features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231. 2015-03-08 4.3 CVE-2015-2239
CONFIRM
CONFIRM
CONFIRM
ibm — websphere_portal Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2015-03-12 6.8 CVE-2014-6214
CONFIRM
AIXAPAR
ibm — websphere_commerce IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-03-12 5.0 CVE-2015-0133
CONFIRM
AIXAPAR
libssh2 — libssh2 The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. 2015-03-13 6.8 CVE-2015-1782
CONFIRM
DEBIAN
microsoft — windows_2003_server The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel’s endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka “NETLOGON Spoofing Vulnerability.” 2015-03-11 4.3 CVE-2015-0005
MS
microsoft — windows_2003_server Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly allocate memory, which allows remote attackers to cause a denial of service via a crafted (1) web site or (2) file, aka “Adobe Font Driver Denial of Service Vulnerability.” 2015-03-11 4.3 CVE-2015-0074
MS
microsoft — windows_2003_server The photo-decoder implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly initialize memory for rendering of JXR images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “JPEG XR Parser Information Disclosure Vulnerability.” 2015-03-11 4.3 CVE-2015-0076
MS
microsoft — windows_2003_server Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Malformed PNG Parsing Information Disclosure Vulnerability.” 2015-03-11 4.3 CVE-2015-0080
MS
microsoft — windows_7 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka “Adobe Font Driver Information Disclosure Vulnerability,” a different vulnerability than CVE-2015-0089. 2015-03-11 5.0 CVE-2015-0087
MS
microsoft — windows_7 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka “Adobe Font Driver Information Disclosure Vulnerability,” a different vulnerability than CVE-2015-0087. 2015-03-11 5.0 CVE-2015-0089
MS
microsoft — windows_7 The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue screen), or obtain sensitive information from kernel memory and possibly bypass the ASLR protection mechanism, via a crafted application, aka “Microsoft Windows Kernel Memory Disclosure Vulnerability.” 2015-03-11 5.6 CVE-2015-0095
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability.” 2015-03-11 4.3 CVE-2015-1627
MS
microsoft — exchange_server Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka “OWA Modified Canary Parameter Cross Site Scripting Vulnerability.” 2015-03-11 4.3 CVE-2015-1628
MS
microsoft — exchange_server Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “ExchangeDLP Cross Site Scripting Vulnerability.” 2015-03-11 4.3 CVE-2015-1629
MS
microsoft — exchange_server Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “Audit Report Cross Site Scripting Vulnerability.” 2015-03-11 4.3 CVE-2015-1630
MS
microsoft — exchange_server Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka “Exchange Forged Meeting Request Spoofing Vulnerability.” 2015-03-11 5.0 CVE-2015-1631
MS
microsoft — exchange_server Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka “Exchange Error Message Cross Site Scripting Vulnerability.” 2015-03-11 4.3 CVE-2015-1632
MS
microsoft — windows_2003_server Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067. 2015-03-06 5.0 CVE-2015-1637
CONFIRM
MISC
MS
myupb — ultimate_php_board Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) 2.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php. 2015-03-10 4.3 CVE-2015-2217
BUGTRAQ
MISC
phpmyadmin — phpmyadmin libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. 2015-03-09 5.0 CVE-2015-2206
CONFIRM
CONFIRM
pivotal_software — spring_framework The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. 2015-03-10 5.0 CVE-2015-0201
CONFIRM
redhat — openstack The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path. 2015-03-10 4.0 CVE-2015-0271
REDHAT
siemens — simatic_cfc Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file. 2015-03-06 6.9 CVE-2015-1594
CONFIRM
siemens — spcanywhere The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. 2015-03-06 4.3 CVE-2015-1595
CONFIRM
siemens — spcanywhere The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2015-03-06 5.8 CVE-2015-1596
CONFIRM
siemens — spcanywhere The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. 2015-03-06 6.8 CVE-2015-1597
CONFIRM
telerik — analytics_monitor_library Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125 allow local users to gain privileges via a Trojan horse (a) csunsapi.dll, (b) swift.dll, (c) nfhwcrhk.dll, or (d) surewarehook.dll file in an unspecified directory. 2015-03-12 6.9 CVE-2015-2264
CERT-VN
tips_and_tricks_hq — all_in_one_wordpress_security_and_firewall SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-03-06 6.0 CVE-2015-0894
CONFIRM
JVNDB
JVN
tips_and_tricks_hq — all_in_one_wordpress_security_and_firewall Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. 2015-03-06 6.8 CVE-2015-0895
CONFIRM
JVNDB
JVN
unace_project — unace Integer overflow in unace 1.2b allows remote attackers to cause a denial of service (crash) via a small file header in an ace archive, which triggers a buffer overflow. 2015-03-09 4.3 CVE-2015-2063
CONFIRM
MLIST
DEBIAN
webgateinc — webeyeaudio Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allows remote attackers to execute arbitrary code via a crafted value. 2015-03-09 6.8 CVE-2015-2093
MISC
webgateinc — edvr_manager Heap-based buffer overflow in the SetConnectInfo function in the WESPPTZ.WESPPTZCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via crafted arguments. 2015-03-09 6.8 CVE-2015-2095
MISC
webgateinc — edvr_manager Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload. 2015-03-09 6.8 CVE-2015-2096
MISC
webshophun — webshop_hun Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php. 2015-03-09 4.3 CVE-2015-2244
MISC
FULLDISC
MISC
wireshark — wireshark The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. 2015-03-07 5.0 CVE-2015-2187
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. 2015-03-07 5.0 CVE-2015-2188
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. 2015-03-07 5.0 CVE-2015-2189
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. 2015-03-07 5.0 CVE-2015-2190
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. 2015-03-07 5.0 CVE-2015-2191
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. 2015-03-07 5.0 CVE-2015-2192
CONFIRM
CONFIRM
CONFIRM
wotlab — community_gallery Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy. 2015-03-12 4.3 CVE-2015-2275
BUGTRAQ
MISC
FULLDISC
MISC
xen — xen Xen 3.3.x through 4.5.x does not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. 2015-03-12 4.9 CVE-2015-2150
CONFIRM
zohocorp — manageengine_admanager_plus Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles. 2015-03-11 4.3 CVE-2015-1026
BUGTRAQ

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — iphone_os Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. 2015-03-12 1.9 CVE-2015-1064
CONFIRM
APPLE
emc — rsa_certificate_manager Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter. 2015-03-12 3.5 CVE-2015-0521
BUGTRAQ
ibm — rational_quality_manager Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-03-12 3.5 CVE-2014-6144
CONFIRM
ibm — rational_team_concert Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123. 2015-03-12 3.5 CVE-2015-0122
CONFIRM
ibm — rational_team_concert Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0122. 2015-03-12 3.5 CVE-2015-0123
CONFIRM
ibm — rational_quality_manager Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-03-12 3.5 CVE-2015-0129
CONFIRM
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-03-12 3.5 CVE-2015-0139
CONFIRM
AIXAPAR
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-03-12 3.5 CVE-2015-0177
CONFIRM
AIXAPAR
microsoft — windows_2003_server The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka “Microsoft Windows Kernel Memory Disclosure Vulnerability.” 2015-03-11 2.1 CVE-2015-0077
MS
microsoft — windows_7 The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka “Task Scheduler Security Feature Bypass Vulnerability.” 2015-03-11 2.1 CVE-2015-0084
MS
microsoft — windows_7 The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the availability of address information during a function call, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application, aka “Microsoft Windows Kernel Memory Disclosure Vulnerability.” 2015-03-11 2.1 CVE-2015-0094
MS
microsoft — sharepoint_foundation Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka “Microsoft SharePoint XSS Vulnerability.” 2015-03-11 3.5 CVE-2015-1633
MS
microsoft — sharepoint_foundation Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka “Microsoft SharePoint XSS Vulnerability.” 2015-03-11 3.5 CVE-2015-1636
MS
openkm — openkm Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp. 2015-03-11 3.5 CVE-2014-9017
MISC
FULLDISC
FULLDISC
MISC
siemens — spcanywhere The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. 2015-03-06 2.1 CVE-2015-1598
CONFIRM
siemens — spcanywhere The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. 2015-03-06 2.1 CVE-2015-1599
CONFIRM
xen — xen The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x do not properly initialize data, which allows local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. 2015-03-12 2.1 CVE-2015-2044
CONFIRM
SECTRACK
xen — xen The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. 2015-03-12 2.1 CVE-2015-2045
CONFIRM
SECTRACK

SB15-075 Vulnerability Summary for the Week of March 9, 2015 was originally published on Blogg'n @ ECI

March 16, 2015 - Posted by | IT Security, NewsUpdate, NIST, Security Alerts, Security Issues, US-CERT