ECI Blog @WordPress

SB15-117 Vulnerability Summary for the Week of April 20, 2015

Original release date: April 27, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info
apport_project — apport The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). 2015-04-17 7.2 CVE-2015-1318
Source & Patch Info: CONFIRM ×2, UBUNTU
cisco — unified_meetingplace Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. 2015-04-20 9.0 CVE-2015-0702
Source & Patch Info: CISCO
google — chrome Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation. 2015-04-19 7.5 CVE-2015-1237
Source & Patch Info: CONFIRM ×3
google — chrome Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. 2015-04-19 7.5 CVE-2015-1238
Source & Patch Info: CONFIRM ×2
google — chrome The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages “type confusion” in the check-elimination optimization. 2015-04-19 7.5 CVE-2015-1242
Source & Patch Info: CONFIRM ×4
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-04-19 7.5 CVE-2015-1249
Source & Patch Info: CONFIRM ×27
google — chrome Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-04-19 7.5 CVE-2015-3333
Source & Patch Info: CONFIRM
google — chrome The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox. 2015-04-19 7.5 CVE-2015-3335
Source & Patch Info: CONFIRM ×2
ibm — domino IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9. 2015-04-21 10.0 CVE-2015-0135
Source & Patch Info: CONFIRM
kiegroup — drools XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. 2015-04-21 7.5 CVE-2014-8125
Source & Patch Info: CONFIRM ×3, REDHAT ×2
microsoft — windows_7 Unspecified vulnerability in Microsoft Windows before 8 allows local users to gain privileges via unknown vectors, as exploited in the wild in April 2015. 2015-04-21 7.2 CVE-2015-1701
Source & Patch Info: MISC ×2
new_atlanta — blue_dragon Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart. 2015-04-21 7.5 CVE-2014-5370
Source & Patch Info: MISC, FULLDISC, MISC
searchblox — searchblox Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590. 2015-04-17 7.5 CVE-2015-0968
Source & Patch Info: CERT-VN
simple_ads_manager_project — simple_ads_manager Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter. 2015-04-21 7.5 CVE-2015-2825
Source & Patch Info: CONFIRM, MISC, FULLDISC, MISC
sixapart — movabletype Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. 2015-04-17 7.5 CVE-2015-0845
Source & Patch Info: CONFIRM, DEBIAN
tp-link — tl-wrd741nd_(5.0) Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. 2015-04-21 7.8 CVE-2015-3035
Source & Patch Info: CONFIRM ×11, MISC, BUGTRAQ, FULLDISC, MISC
wikiwiki_project — wikiwiki SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-04-21 7.5 CVE-2015-3346
Source & Patch Info: MISC, CONFIRM, MLIST


Medium Vulnerabilities

Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info
alfresco — alfresco Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors. 2015-04-21 5.8 CVE-2015-3366
Source & Patch Info: MISC, CONFIRM, MLIST
amazon_aws_project — amazon_aws The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL. 2015-04-21 5.0 CVE-2015-3373
Source & Patch Info: MISC, CONFIRM, MLIST, CONFIRM
apache — tomcat_connectors Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors. 2015-04-21 5.0 CVE-2014-8111
Source & Patch Info: REDHAT ×4
balanced — commerce_balanced_payments Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user’s configured bank accounts via unspecified vectors. 2015-04-21 5.8 CVE-2015-3388
Source & Patch Info: MISC, MLIST
batch_jobs_project — batch_jobs Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of certain users for requests that (1) delete a batch job record or (2) execute a task via unspecified vectors. 2015-04-21 6.8 CVE-2015-3355
Source & Patch Info: MISC ×2, MLIST
certify_project — certify The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to “showing (and creating) the PDF certificates.” 2015-04-22 4.0 CVE-2015-3404
Source & Patch Info: MISC, CONFIRM, MLIST ×2
cisco — unified_meetingplace Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857. 2015-04-20 4.3 CVE-2015-0703
Source & Patch Info: CISCO
cisco — unified_meetingplace Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884. 2015-04-21 6.8 CVE-2015-0704
Source & Patch Info: CISCO
cisco — unified_meetingplace Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494. 2015-04-21 6.8 CVE-2015-0705
Source & Patch Info: CISCO
cisco — firesight_system_software Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966. 2015-04-22 5.8 CVE-2015-0706
Source & Patch Info: CISCO
cloudwords — cloudwords_for_multilingual Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims via an unknown menu callback. 2015-04-21 6.8 CVE-2015-3347
Source & Patch Info: MISC, CONFIRM, MLIST
corner_project — _corner Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable corners via unspecified vectors. 2015-04-21 5.8 CVE-2015-3374
Source & Patch Info: MISC, MLIST
dounokouno — transmitmail Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename. 2015-04-23 4.3 CVE-2015-0910
Source & Patch Info: JVNDB, JVN, CONFIRM
dounokouno — transmitmail Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. 2015-04-23 5.0 CVE-2015-0911
Source & Patch Info: JVNDB, JVN, CONFIRM
fibonacciorange — wedeal Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. 2015-04-21 5.8 CVE-2015-3393
Source & Patch Info: MISC, CONFIRM, XF, MLIST
funnymonkey — feature_set Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrator for requests that (1) enable or (2) disable a module via unspecified vectors. 2015-04-21 5.8 CVE-2015-3380
Source & Patch Info: MISC, MLIST
google — chrome The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. 2015-04-19 5.0 CVE-2015-1235
Source & Patch Info: CONFIRM ×3
google — chrome The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. 2015-04-19 4.3 CVE-2015-1236
Source & Patch Info: CONFIRM ×3
google — chrome gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency. 2015-04-19 5.0 CVE-2015-1240
Source & Patch Info: CONFIRM ×3
google — chrome Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a “tapjacking” attack. 2015-04-19 4.3 CVE-2015-1241
Source & Patch Info: CONFIRM ×6
google — chrome The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic. 2015-04-19 5.0 CVE-2015-1244
Source & Patch Info: CONFIRM ×3
google — chrome Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium “Open PDF in Reader” button that has an invalid tab association. 2015-04-19 6.8 CVE-2015-1245
Source & Patch Info: CONFIRM ×3
google — chrome Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. 2015-04-19 5.0 CVE-2015-1246
Source & Patch Info: CONFIRM ×2
google — chrome The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site. 2015-04-19 5.0 CVE-2015-1247
Source & Patch Info: CONFIRM ×3
google — chrome The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL. 2015-04-19 4.3 CVE-2015-1248
Source & Patch Info: CONFIRM ×2
google — chrome browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display “Media: Allowed by you” in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device’s physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. 2015-04-19 4.3 CVE-2015-3334
Source & Patch Info: CONFIRM ×2
google — chrome Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. 2015-04-19 4.3 CVE-2015-3336
Source & Patch Info: CONFIRM ×2
htaccess_project — htaccess Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors. 2015-04-21 6.8 CVE-2015-3349
Source & Patch Info: MISC, CONFIRM, MLIST
ibm — infosphere_biginsights The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure. 2015-04-22 6.5 CVE-2015-1889
Source & Patch Info: CONFIRM
insite — node_basket Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2) remove nodes from a basket via unspecified vectors. 2015-04-21 5.8 CVE-2015-3382
Source & Patch Info: MISC, MLIST
insite — node_basket Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2015-04-21 5.8 CVE-2015-3383
Source & Patch Info: MISC, MLIST
jammer_project — jammer Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecified vectors, related to “report administration.” 2015-04-21 6.8 CVE-2015-3352
Source & Patch Info: MISC, CONFIRM ×2, MLIST
joshics — contact_form_fields Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors. 2015-04-21 6.8 CVE-2015-3363
Source & Patch Info: MISC, CONFIRM, MLIST
landesk — landesk_management_suite Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx. 2015-04-21 6.8 CVE-2014-5361
Source & Patch Info: BUGTRAQ, MISC
levelteninteractive — content_analysis Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message. 2015-04-21 4.3 CVE-2015-3364
Source & Patch Info: MISC, CONFIRM, MLIST
linux — linux_kernel net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. 2015-04-21 4.6 CVE-2015-2041
Source & Patch Info: CONFIRM ×2, MLIST, CONFIRM
linux — linux_kernel net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. 2015-04-21 4.6 CVE-2015-2042
Source & Patch Info: CONFIRM ×2, MLIST, CONFIRM
log_watcher_project — log_watcher Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors. 2015-04-21 6.8 CVE-2015-3351
Source & Patch Info: MISC, CONFIRM, MLIST
niif — shibboleth_authentication_module Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors. 2015-04-21 5.8 CVE-2015-3375
Source & Patch Info: MISC, CONFIRM ×2, MLIST
node_invite_project — node_invite Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the “node_invite_can_manage_invite” permission for requests that re-enable node invitations via unspecified vectors. 2015-04-21 6.8 CVE-2015-3370
Source & Patch Info: MISC, CONFIRM, MLIST
node_invite_project — node_invite Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. 2015-04-21 5.8 CVE-2015-3371
Source & Patch Info: MISC, CONFIRM, MLIST
opac_project — opac Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a mapping via unknown vectors. 2015-04-21 6.8 CVE-2015-3343
Source & Patch Info: MISC, CONFIRM, MLIST
openstack — keystonemiddleware The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certificate verification when the “insecure” option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. 2015-04-17 4.3 CVE-2015-1852
Source & Patch Info: CONFIRM, MLIST
openstack — swift OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. 2015-04-17 5.5 CVE-2015-1856
Source & Patch Info: CONFIRM, MLIST
path_breadcrumbs_project — path_breadcrumbs The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. 2015-04-21 5.0 CVE-2015-3391
Source & Patch Info: MISC, CONFIRM, XF, MLIST
patterns — patterns Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors. 2015-04-21 6.8 CVE-2015-3367
Source & Patch Info: MISC, CONFIRM, MLIST
phplist_integration_project — phplist_integration SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the “phpList database.” 2015-04-21 6.5 CVE-2015-3345
Source & Patch Info: MISC, CONFIRM, MLIST
qemu — qemu The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function’s return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions. 2015-04-21 4.9 CVE-2014-9718
Source & Patch Info: MLIST, CONFIRM
searchblox — searchblox Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp. 2015-04-17 4.3 CVE-2015-0967
Source & Patch Info: CERT-VN
searchblox — searchblox SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. 2015-04-17 5.0 CVE-2015-0969
Source & Patch Info: CERT-VN
searchblox — searchblox Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. 2015-04-17 6.8 CVE-2015-0970
Source & Patch Info: CERT-VN
symantec — workspace_streaming Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. 2015-04-22 6.9 CVE-2015-1484
Source & Patch Info: CONFIRM, BID
tadaa!_project — tadaa! Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) enable or (2) disable modules or (3) change variables via unspecified vectors. 2015-04-21 6.8 CVE-2015-3356
Source & Patch Info: CONFIRM, MISC, MLIST
tadaa!_project — tadaa! Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that (1) enable and disable modules or (2) change variables. 2015-04-21 5.8 CVE-2015-3358
Source & Patch Info: MISC, CONFIRM, MLIST
todo_filter_project — todo_filter Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors. 2015-04-21 6.8 CVE-2015-3350
Source & Patch Info: MISC, CONFIRM ×2, MLIST
ubercart_currency_conversion_project — ubercart_currency_conversion Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter. 2015-04-21 5.8 CVE-2015-3342
Source & Patch Info: MISC, CONFIRM, BID, MLIST
views_project — views Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views. 2015-04-21 4.9 CVE-2015-3378
Source & Patch Info: MISC, CONFIRM ×3, MLIST
views_project — views The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. 2015-04-21 4.0 CVE-2015-3379
Source & Patch Info: MISC, CONFIRM ×3, MLIST
wishlist_project — wishlist Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors. 2015-04-21 5.8 CVE-2015-3354
Source & Patch Info: MISC, CONFIRM ×2, MLIST


Low Vulnerabilities

Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info
ajax_timeline_project — ajax_timeline Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-21 3.5 CVE-2015-3392
Source & Patch Info: MISC, CONFIRM, XF, MLIST
cisco — firesight_system_software Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425. 2015-04-22 3.5 CVE-2015-0707
Source & Patch Info: CISCO
cloudwords — cloudwords_for_multilingual Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-21 3.5 CVE-2015-3348
Source & Patch Info: MISC, CONFIRM, MLIST
commerce_balanced_payments_project — commerce_balanced_payments Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-04-21 3.5 CVE-2015-3384
MISC
MLIST (link is external)
dlc_solutions — course Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-21 3.5 CVE-2015-3344
MISC
CONFIRM
CONFIRM
MLIST (link is external)
facebook_album_fetcher_project — facebook_album_fetcher Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the “access administration pages” permission to inject arbitrary web script or HTML via unspecified vectors. 2015-04-21 3.5 CVE-2015-3390
MISC
XF (link is external)
MLIST (link is external)
field_display_label_project — field_display_label Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field label in content types settings. 2015-04-21 3.5 CVE-2015-3353
MISC
CONFIRM
MLIST (link is external)
insite — node_basket Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-04-21 3.5 CVE-2015-3381
MISC
MLIST (link is external)
linkit_project — linkit Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-21 2.1 CVE-2015-3361
MISC
CONFIRM
CONFIRM
MLIST (link is external)
node_access_product_project — node_access_product Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-21 3.5 CVE-2015-3386
MISC
MLIST (link is external)
node_invite_project — node_invite Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-21 3.5 CVE-2015-3372
MISC
CONFIRM
MLIST (link is external)
nodeauthor_project — nodeauthor Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block. 2015-04-21 3.5 CVE-2015-3365
MISC
MLIST (link is external)
osinet — classified_ads Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the “administer taxonomy” permission to inject arbitrary web script or HTML via a category name. 2015-04-21 3.5 CVE-2015-3368
MISC
CONFIRM
CONFIRM
MLIST (link is external)
public_download_count_project — public_download_count Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-04-21 3.5 CVE-2015-3389
MISC
XF (link is external)
MLIST (link is external)
quizzler_project — quizzler Cross-site scripting (XSS) vulnerability in the Quizzler module before 7-x.1.16 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-21 3.5 CVE-2015-3376
MISC
CONFIRM
MLIST (link is external)
randall_library — room_reservations Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the “Administer the room reservations system” permission to inject arbitrary web script or HTML via the (1) node title of a “Room Reservations Category” or (2) body of a “Room Reservations Room” node. 2015-04-21 3.5 CVE-2015-3359
MISC
CONFIRM
MLIST (link is external)
redhat — jboss_enterprise_application_platform The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors. 2015-04-21 2.1 CVE-2014-3586
CONFIRM (link is external)
REDHAT (link is external)
REDHAT (link is external)
REDHAT (link is external)
REDHAT (link is external)
taxonews_project — taxonews Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the “administer taxonomy” permission to inject arbitrary web script or HTML via a term name in a block. 2015-04-21 3.5 CVE-2015-3369
MISC
CONFIRM
CONFIRM
MLIST (link is external)
taxonomy_path_project — taxonomy_path Cross-site scripting (XSS) vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the “Link to path” field formatter. 2015-04-21 3.5 CVE-2015-3385
MISC
CONFIRM
MLIST (link is external)
taxonomy_tools_project — taxonomy_tools Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a (1) node or (2) taxonomy term title. 2015-04-21 3.5 CVE-2015-3387
MISC
CONFIRM
MLIST (link is external)
term_merge_project — term_merge Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-04-21 3.5 CVE-2015-3360
MISC
CONFIRM
MLIST (link is external)
video_project — video Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title. 2015-04-21 3.5 CVE-2015-3362
MISC
CONFIRM
MLIST (link is external)
wishlist_project — wishlist Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the “access wishlists” permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message. 2015-04-21 3.5 CVE-2015-3357
MISC
CONFIRM
CONFIRM
MLIST (link is external)


SB15-117 Vulnerability Summary for the Week of April 20, 2015 was originally published on Blogg'n @ ECI

April 29, 2015 - Posted by | IT Security, NewsUpdate, Security Alerts, Security Issues, US-CERT
