Security and Firewalls
Written by Administrator   
Tuesday, April 26 2011 09:15

In today's internet, intrusion detection is a must to ensure data reliability for all parties. Nexus offers a state-of-the-art security solution to combat unauthorized access to your network. Firewalls are monitored constantly 24x7 by a trained staff with failsafe backup servers at every turn. Whether wireline or wireless, Nexus has the manpower and resources to protect your data.

 

Last Updated on Wednesday, March 27 2013 08:26
 

CERT Cyber Security Bulletins

US-CERT Bulletins
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • SB15-110: Vulnerability Summary for the Week of April 13, 2015
    Original release date: April 20, 2015

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    adobe -- flash_player | Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359. | 2015-04-14 | 10.0 | CVE-2015-0346, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-0347, CONFIRM
    adobe -- flash_player | Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors. | 2015-04-14 | 10.0 | CVE-2015-0348, CONFIRM
    adobe -- flash_player | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039. | 2015-04-14 | 10.0 | CVE-2015-0349, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-0350, CONFIRM
    adobe -- flash_player | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039. | 2015-04-14 | 10.0 | CVE-2015-0351, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-0352, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-0353, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-0354, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-0355, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion." | 2015-04-14 | 10.0 | CVE-2015-0356, CONFIRM
    adobe -- flash_player | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039. | 2015-04-14 | 10.0 | CVE-2015-0358, CONFIRM
    adobe -- flash_player | Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346. | 2015-04-14 | 10.0 | CVE-2015-0359, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-0360, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-3038, CONFIRM
    adobe -- flash_player | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. | 2015-04-14 | 10.0 | CVE-2015-3039, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-3041, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043. | 2015-04-14 | 10.0 | CVE-2015-3042, CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. | 2015-04-14 | 10.0 | CVE-2015-3043, CONFIRM
    apple -- apple_tv | IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. | 2015-04-10 | 7.2 | CVE-2015-1095, CONFIRM, CONFIRM, CONFIRM, SECTRACK, APPLE, APPLE, APPLE
    apple -- apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. | 2015-04-10 | 7.1 | CVE-2015-1102, CONFIRM, CONFIRM, CONFIRM, SECTRACK, APPLE, APPLE, APPLE
    apple -- apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. | 2015-04-10 | 7.5 | CVE-2015-1103, CONFIRM, CONFIRM, CONFIRM, SECTRACK, APPLE, APPLE, APPLE
    apple -- mac_os_x | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | 2015-04-10 | 7.2 | CVE-2015-1130, CONFIRM, SECTRACK, APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1131, CONFIRM, SECTRACK, APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 10.0 | CVE-2015-1132, CONFIRM, SECTRACK, APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1133, CONFIRM, SECTRACK, APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1134, CONFIRM, SECTRACK, APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. | 2015-04-10 | 7.2 | CVE-2015-1135, CONFIRM, SECTRACK, APPLE
    apple -- mac_os_x | The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. | 2015-04-10 | 7.2 | CVE-2015-1137, CONFIRM, SECTRACK, APPLE
    apple -- mac_os_x | Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. | 2015-04-10 | 7.2 | CVE-2015-1140, CONFIRM, SECTRACK, APPLE
    apple -- mac_os_x | LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. | 2015-04-10 | 7.2 | CVE-2015-1143, CONFIRM, SECTRACK, APPLE
    apple -- mac_os_x | Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. | 2015-04-10 | 7.2 | CVE-2015-1144, CONFIRM, SECTRACK, APPLE
    apple -- xcode | Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. | 2015-04-10 | 7.5 | CVE-2015-1149, CONFIRM, SECTRACK, APPLE
    bittorrent -- sync | BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | 2015-04-13 | 9.3 | CVE-2015-2846, MISC
    boosted -- boosted_boards | Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal. | 2015-04-10 | 8.3 | CVE-2015-2247, MISC, MISC, MISC, MISC
    cisco -- adaptive_security_appliance_software | The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069. | 2015-04-12 | 8.3 | CVE-2015-0675, SECTRACK, CISCO
    cisco -- adaptive_security_appliance_software | The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655. | 2015-04-12 | 7.1 | CVE-2015-0676, SECTRACK, CISCO
    cisco -- adaptive_security_appliance_software | The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290. | 2015-04-12 | 7.8 | CVE-2015-0677, SECTRACK, CISCO
    cisco -- asa_cx_context-aware_security_software | The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954. | 2015-04-10 | 7.8 | CVE-2015-0678, SECTRACK, CISCO
    cisco -- secure_desktop | A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. | 2015-04-16 | 9.3 | CVE-2015-0691, CISCO
    cisco -- web_security_appliance | Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230. | 2015-04-10 | 7.2 | CVE-2015-0692, CISCO
    cisco -- web_security_appliance | Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259. | 2015-04-15 | 7.2 | CVE-2015-0693, CISCO
    cisco -- ios_xr | Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957. | 2015-04-16 | 7.8 | CVE-2015-0695, CISCO
    das_watchdog_project -- das_watchdog | Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable. | 2015-04-14 | 7.2 | CVE-2015-2831, CONFIRM, MLIST, MLIST, DEBIAN
    debian -- dbd-firebird | Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns. | 2015-04-14 | 10.0 | CVE-2015-2788, CONFIRM, CONFIRM, MLIST, MLIST, DEBIAN
    emc -- networker | Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors. | 2015-04-16 | 7.2 | CVE-2015-0530, BUGTRAQ
    fiyo -- fiyo_cms | Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php. | 2015-04-14 | 7.5 | CVE-2014-9145, MISC
    glpi-project -- glpi | Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php. | 2015-04-14 | 7.5 | CVE-2014-8360, CONFIRM, MANDRIVA, CONFIRM, MISC, CONFIRM
    gnu -- less | The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. | 2015-04-14 | 10.0 | CVE-2014-9488, MISC, MANDRIVA, SUSE, CONFIRM
    gnu -- mailman | Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. | 2015-04-13 | 7.6 | CVE-2015-2775, MLIST, MLIST, MLIST, CONFIRM, UBUNTU, SECTRACK, DEBIAN
    gnu -- libtasn1 | Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. | 2015-04-10 | 10.0 | CVE-2015-2806, UBUNTU, MLIST, MLIST, MANDRIVA, DEBIAN, CONFIRM
    hp -- easy_tools | Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors. | 2015-04-14 | 9.0 | CVE-2015-2112, HP
    hp -- easy_tools | Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers to execute arbitrary code via unknown vectors. | 2015-04-14 | 10.0 | CVE-2015-2113, HP
    ibm -- tivoli_storage_manager_fastback | Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1898. | 2015-04-15 | 7.2 | CVE-2015-1897, CONFIRM
    ibm -- tivoli_storage_manager_fastback | Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1897. | 2015-04-15 | 7.2 | CVE-2015-1898, CONFIRM
    juniper -- junos | Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments. | 2015-04-10 | 7.2 | CVE-2015-3003, CONFIRM, SECTRACK
    mediawiki -- mediawiki | MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password. | 2015-04-13 | 7.1 | CVE-2015-2936, MLIST, CONFIRM, MLIST, MLIST, MANDRIVA
    mediawiki -- mediawiki | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942. | 2015-04-13 | 7.1 | CVE-2015-2937, MLIST, CONFIRM, MLIST, MLIST, MANDRIVA
    mediawiki -- mediawiki | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937. | 2015-04-13 | 7.1 | CVE-2015-2942, MLIST, CONFIRM, MLIST, MLIST
    microsoft -- windows_7 | Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability." | 2015-04-14 | 7.2 | CVE-2015-0098, MS
    microsoft -- windows_7 | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." | 2015-04-14 | 10.0 | CVE-2015-1635, MS
    microsoft -- office | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." | 2015-04-14 | 9.3 | CVE-2015-1641, MS
    microsoft -- windows_7 | Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability." | 2015-04-14 | 7.2 | CVE-2015-1643, MS
    microsoft -- windows_7 | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows MS-DOS Device Name Vulnerability." | 2015-04-14 | 7.2 | CVE-2015-1644, MS
    microsoft -- windows_7 | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability." | 2015-04-14 | 9.3 | CVE-2015-1645, MS
    microsoft -- office | Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." | 2015-04-14 | 9.3 | CVE-2015-1649, MS
    microsoft -- office | Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." | 2015-04-14 | 9.3 | CVE-2015-1650, MS
    microsoft -- office_compatibility_pack | Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." | 2015-04-14 | 9.3 | CVE-2015-1651, MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1666. | 2015-04-14 | 9.3 | CVE-2015-1652, MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-04-14 | 9.3 | CVE-2015-1657, MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1662 and CVE-2015-1665. | 2015-04-14 | 9.3 | CVE-2015-1659, MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-04-14 | 9.3 | CVE-2015-1660, MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1665. | 2015-04-14 | 9.3 | CVE-2015-1662, MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1662. | 2015-04-14 | 9.3 | CVE-2015-1665, MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1652. | 2015-04-14 | 9.3 | CVE-2015-1666, MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-04-14 | 9.3 | CVE-2015-1667, MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-04-14 | 9.3 | CVE-2015-1668, MS
    oracle -- solarisUnspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system.2015-04-167.2CVE-2015-0448
    CONFIRM
    oracle -- database_serverUnspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.2015-04-169.0CVE-2015-0457
    CONFIRM
    oracle -- jdkUnspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.2015-04-167.6CVE-2015-0458
    CONFIRM
    oracle -- javafxUnspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.2015-04-1610.0CVE-2015-0459
    CONFIRM
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.2015-04-169.3CVE-2015-0460
    CONFIRM
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Authentication Engine.2015-04-167.0CVE-2015-0461
    CONFIRM
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 2015-04-16 | 10.0 | CVE-2015-0469
    CONFIRM
    oracle -- javafx | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. | 2015-04-16 | 10.0 | CVE-2015-0491
    CONFIRM
    oracle -- javafx | Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. | 2015-04-16 | 9.3 | CVE-2015-0492
    CONFIRM
    oracle -- solaris | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Accounting commands. | 2015-04-16 | 7.2 | CVE-2015-2577
    CONFIRM
    oracle -- solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap. | 2015-04-16 | 7.1 | CVE-2015-2578
    CONFIRM

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    adobe -- coldfusion | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-15 | 4.3 | CVE-2015-0345
    CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040. | 2015-04-14 | 5.0 | CVE-2015-0357
    CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. | 2015-04-14 | 5.0 | CVE-2015-3040
    CONFIRM
    adobe -- flash_player | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 2015-04-14 | 5.0 | CVE-2015-3044
    CONFIRM
    apple -- apple_tv | The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2015-04-10 | 6.9 | CVE-2015-1086
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- iphone_os | CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 2015-04-10 | 6.8 | CVE-2015-1088
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- iphone_os | CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-04-10 | 5.0 | CVE-2015-1089
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- iphone_os | CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | 2015-04-10 | 5.0 | CVE-2015-1090
    CONFIRM
    SECTRACK
    APPLE
    apple -- iphone_os | The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1091
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- apple_tv | NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-04-10 | 5.0 | CVE-2015-1092
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- iphone_os | FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 2015-04-10 | 6.8 | CVE-2015-1093
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- iphone_os | iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | 2015-04-10 | 6.8 | CVE-2015-1098
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- apple_tv | Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app. | 2015-04-10 | 4.0 | CVE-2015-1099
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. | 2015-04-10 | 5.4 | CVE-2015-1100
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2015-04-10 | 6.9 | CVE-2015-1101
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. | 2015-04-10 | 5.0 | CVE-2015-1104
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. | 2015-04-10 | 5.0 | CVE-2015-1105
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. | 2015-04-10 | 5.0 | CVE-2015-1110
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- iphone_os | Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | 2015-04-10 | 5.0 | CVE-2015-1111
    CONFIRM
    SECTRACK
    APPLE
    apple -- safari | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. | 2015-04-10 | 5.0 | CVE-2015-1112
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- iphone_os | The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | 2015-04-10 | 4.4 | CVE-2015-1115
    CONFIRM
    SECTRACK
    APPLE
    apple -- apple_tv | The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app. | 2015-04-10 | 6.9 | CVE-2015-1117
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. | 2015-04-10 | 5.0 | CVE-2015-1118
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1119
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1120
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1121
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1122
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- apple_tv | WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1123
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1124
    CONFIRM
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    APPLE
    apple -- iphone_os | The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1125
    CONFIRM
    SECTRACK
    APPLE
    apple -- safari | WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. | 2015-04-10 | 4.3 | CVE-2015-1126
    CONFIRM
    CONFIRM
    SECTRACK
    APPLE
    APPLE
    apple -- safari | The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. | 2015-04-10 | 5.0 | CVE-2015-1128
    CONFIRM
    SECTRACK
    APPLE
    apple -- safari | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1129
    CONFIRM
    SECTRACK
    APPLE
    apple -- mac_os_x | Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. | 2015-04-10 | 6.8 | CVE-2015-1136
    CONFIRM
    SECTRACK
    APPLE
    apple -- mac_os_x | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | 2015-04-10 | 4.9 | CVE-2015-1138
    CONFIRM
    SECTRACK
    APPLE
    apple -- mac_os_x | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. | 2015-04-10 | 6.8 | CVE-2015-1139
    CONFIRM
    SECTRACK
    APPLE
    apple -- mac_os_x | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. | 2015-04-10 | 4.9 | CVE-2015-1141
    CONFIRM
    SECTRACK
    APPLE
    apple -- mac_os_x | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. | 2015-04-10 | 5.0 | CVE-2015-1147
    CONFIRM
    SECTRACK
    APPLE
    apple -- mac_os_x | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | 2015-04-10 | 5.0 | CVE-2015-1148
    CONFIRM
    SECTRACK
    APPLE
    apple -- xcode | Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. | 2015-04-10 | 5.0 | CVE-2015-3027
    CONFIRM
    SECTRACK
    APPLE
    blue_coat -- malware_analysis_appliance | Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-16 | 4.3 | CVE-2015-0937
    CERT-VN
    blue_coat -- malware_analysis_appliance | search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter. | 2015-04-16 | 5.0 | CVE-2015-0938
    CERT-VN
    cisco -- asr_9001 | Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. | 2015-04-10 | 5.0 | CVE-2015-0694
    SECTRACK
    CISCO
    cisco -- telepresence_tc_software | Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977. | 2015-04-15 | 4.3 | CVE-2015-0696
    CISCO
    cisco -- telepresence_tc_software | Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. | 2015-04-15 | 5.8 | CVE-2015-0697
    CISCO
    cisco -- web_security_appliance | Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213. | 2015-04-15 | 4.3 | CVE-2015-0698
    CISCO
    cisco -- unified_communications_domain_manager | SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. | 2015-04-15 | 5.0 | CVE-2015-0699
    CISCO
    cisco -- secure_access_control_server | Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. | 2015-04-16 | 6.8 | CVE-2015-0700
    CISCO
    debian -- dpkg | The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). | 2015-04-13 | 4.3 | CVE-2015-0840
    UBUNTU
    DEBIAN
    digium -- asterisk | Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 2015-04-10 | 4.3 | CVE-2015-3008
    SECTRACK
    BUGTRAQ
    FULLDISC
    MISC
    CONFIRM
    facebook -- hiphop_virtual_machine | Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function. | 2015-04-13 | 4.3 | CVE-2014-9714
    CONFIRM
    MLIST
    CONFIRM
    CONFIRM
    MLIST
    MLIST
    fiyo -- fiyo_cms | Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php. | 2015-04-14 | 4.3 | CVE-2014-9146
    MISC
    fortinet -- fortimail | FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. | 2015-04-14 | 4.0 | CVE-2015-3293
    CONFIRM
    glpi-project -- glpi | GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | 2015-04-14 | 5.0 | CVE-2014-5032
    CONFIRM
    MANDRIVA
    CONFIRM
    CONFIRM
    hotspot_express -- hotex_billing_manager | Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. | 2015-04-14 | 4.3 | CVE-2015-2781
    BUGTRAQ
    FULLDISC
    MISC
    hotspotexpress -- hotex_billing_manager | Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 2015-04-16 | 5.0 | CVE-2015-3319
    BUGTRAQ
    FULLDISC
    MISC
    hp -- support_solution_framework | HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. | 2015-04-14 | 6.8 | CVE-2015-2114
    HP
    juniper -- junos | Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device. | 2015-04-10 | 6.9 | CVE-2015-3002
    CONFIRM
    SECTRACK
    juniper -- junos | J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, and 14.2 before 14.2R1 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. | 2015-04-10 | 4.3 | CVE-2015-3004
    CONFIRM
    SECTRACK
    juniper -- junos | Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-10 | 4.3 | CVE-2015-3005
    CONFIRM
    SECTRACK
    kanaka -- novnc | noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2015-04-10 | 4.3 | CVE-2013-7436
    CONFIRM
    CONFIRM
    MLIST
    MLIST
    REDHAT
    lhaplus -- lhaplus | Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | 2015-04-15 | 5.8 | CVE-2015-0906
    CONFIRM
    JVNDB
    JVN
    CONFIRM
    lhaplus -- lhaplus | Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive. | 2015-04-15 | 6.8 | CVE-2015-0907
    CONFIRM
    JVNDB
    JVN
    CONFIRM
    mediawiki -- mediawiki | Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI. | 2015-04-13 | 4.3 | CVE-2015-2931
    MLIST
    CONFIRM
    MLIST
    MLIST
    MANDRIVA
    mediawiki -- mediawiki | Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element. | 2015-04-13 | 4.3 | CVE-2015-2932
    MLIST
    CONFIRM
    MLIST
    MLIST
    MANDRIVA
    mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant. | 2015-04-13 | 4.3 | CVE-2015-2933
    CONFIRM
    MLIST
    MLIST
    MLIST
    MANDRIVA
    mediawiki -- mediawiki | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. | 2015-04-13 | 4.3 | CVE-2015-2934
    MLIST
    CONFIRM
    MLIST
    MLIST
    MANDRIVA
    mediawiki -- mediawiki | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT." | 2015-04-13 | 5.0 | CVE-2015-2935
    MLIST
    CONFIRM
    MLIST
    MLIST
    MANDRIVA
    mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file. | 2015-04-13 | 4.3 | CVE-2015-2938
    MLIST
    CONFIRM
    MLIST
    MLIST
    MANDRIVA
    mediawiki -- scribunto | Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace. | 2015-04-13 | 4.3 | CVE-2015-2939
    MLIST
    CONFIRM
    MLIST
    MLIST
    MANDRIVA
    mediawiki -- checkuser | Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors. | 2015-04-13 | 6.8 | CVE-2015-2940
    MLIST
    CONFIRM
    MLIST
    MLIST
    MANDRIVA
    mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value. | 2015-04-13 | 4.3 | CVE-2015-2941
    MLIST
    CONFIRM
    MLIST
    MLIST
    microsoft -- windows_server_2012 | Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability." | 2015-04-14 | 5.8 | CVE-2015-1638
    MS
    microsoft -- office | Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability." | 2015-04-14 | 4.3 | CVE-2015-1639
    MS
    microsoft -- project_server | Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." | 2015-04-14 | 4.3 | CVE-2015-1640
    MS
    microsoft -- xml_core_services | Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability." | 2015-04-14 | 4.3 | CVE-2015-1646
    MS
    microsoft -- sharepoint_foundation | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." | 2015-04-14 | 4.3 | CVE-2015-1653
    MS
    microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | 2015-04-14 | 4.3 | CVE-2015-1661
    MS
    mysql -- mysql | Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. | 2015-04-16 | 4.9 | CVE-2015-2575
    CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA. | 2015-04-16 | 4.0 | CVE-2015-0405
    CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 2015-04-16 | 4.0 | CVE-2015-0423
    CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. | 2015-04-16 | 4.0 | CVE-2015-0433
    CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | 2015-04-16 | 4.0 | CVE-2015-0438
    CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | 2015-04-16 | 4.0 | CVE-2015-0439
    CONFIRM
    oracle -- right_now_service_cloud | Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console. | 2015-04-16 | 5.0 | CVE-2015-0440
    CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. | 2015-04-16 | 4.0 | CVE-2015-0441
    CONFIRM
    oracle -- e-business_suite | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Configurator DMZ rules. | 2015-04-16 | 4.3 | CVE-2015-0447
    CONFIRM
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console. | 2015-04-16 | 5.0 | CVE-2015-0449
    CONFIRM
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to WebCenter Spaces Application. | 2015-04-16 | 4.3 | CVE-2015-0450
    CONFIRM
    oracle -- vm_server | Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager. | 2015-04-16 | 4.3 | CVE-2015-0452
    CONFIRM
    oracle -- database_server | Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. | 2015-04-16 | 6.8 | CVE-2015-0455
    CONFIRM
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Portlet Services. | 2015-04-16 | 4.3 | CVE-2015-0456
    CONFIRM
    oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 2015-04-16 | 4.0 | CVE-2015-0462
    CONFIRM
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.2015-04-164.0CVE-2015-0463
    CONFIRM
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote attackers to affect confidentiality via unknown vectors related to Security.2015-04-165.0CVE-2015-0464
    CONFIRM
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure.2015-04-164.0CVE-2015-0465
    CONFIRM
    oracle -- retail_applicationsUnspecified vulnerability in the Oracle Retail Back Office component in Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors.2015-04-164.3CVE-2015-0466
    CONFIRM
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.2015-04-164.3CVE-2015-0470
    CONFIRM
    oracle -- solarisUnspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign.2015-04-164.4CVE-2015-0471
    CONFIRM
    oracle -- enterprise_manager_grid_controlUnspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control MOS 12.1.0.5 and 12.1.0.6 allows remote attackers to affect integrity via unknown vectors related to My Oracle Support Plugin.2015-04-164.3CVE-2015-0473
    CONFIRM
    oracle -- jd_edwards_productsUnspecified vulnerability in the JD Edwards EnterpriseOne Technology component in Oracle JD Edwards Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Runtime Security.2015-04-164.0CVE-2015-0475
    CONFIRM
    oracle -- sql_trace_analyzerUnspecified vulnerability in the SQL Trace Analyzer component in Oracle Support Tools before 12.1.11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.2015-04-165.5CVE-2015-0476
    CONFIRM
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.2015-04-164.3CVE-2015-0477
    CONFIRM
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.2015-04-164.3CVE-2015-0478
    CONFIRM
    oracle -- database_serverUnspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors.2015-04-164.0CVE-2015-0479
    CONFIRM
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.2015-04-165.8CVE-2015-0480
    CONFIRM
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.2.0 and 12.1.3.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices.2015-04-166.0CVE-2015-0482
    CONFIRM
    oracle -- database_server | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. | 2015-04-16 | 4.0 | CVE-2015-0483 CONFIRM
    oracle -- javafx | Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. | 2015-04-16 | 6.8 | CVE-2015-0484 CONFIRM
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | 2015-04-16 | 5.0 | CVE-2015-0486 CONFIRM
    oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2015-0472. | 2015-04-16 | 4.0 | CVE-2015-0487 CONFIRM
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. | 2015-04-16 | 5.0 | CVE-2015-0488 CONFIRM
    oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BAS - Base Component. | 2015-04-16 | 4.9 | CVE-2015-0490 CONFIRM
    oracle -- retail_applications | Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Retail Applications 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors. | 2015-04-16 | 4.3 | CVE-2015-0494 CONFIRM
    oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via vectors related to PIA Search Functionality. | 2015-04-16 | 4.0 | CVE-2015-0496 CONFIRM
    oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise Portal Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows remote attackers to affect integrity via unknown vectors related to Enterprise Portal. | 2015-04-16 | 4.3 | CVE-2015-0497 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. | 2015-04-16 | 4.0 | CVE-2015-0500 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. | 2015-04-16 | 5.7 | CVE-2015-0501 CONFIRM
    oracle -- siebel_crm | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1 and 8.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework. | 2015-04-16 | 4.3 | CVE-2015-0502 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | 2015-04-16 | 4.0 | CVE-2015-0503 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506. | 2015-04-16 | 4.0 | CVE-2015-0508 CONFIRM
    oracle -- hyperion | Unspecified vulnerability in the Oracle Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Reporting and Analysis. | 2015-04-16 | 4.3 | CVE-2015-0509 CONFIRM
    oracle -- commerce_platform | Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface. | 2015-04-16 | 4.3 | CVE-2015-0510 CONFIRM
    oracle -- e-business_suite | Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Create Item Instance. | 2015-04-16 | 4.3 | CVE-2015-2565 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. | 2015-04-16 | 5.0 | CVE-2015-2568 CONFIRM
    oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 11.5.10, 12.0, 12.1, and 12.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security. | 2015-04-16 | 6.5 | CVE-2015-2570 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | 2015-04-16 | 4.0 | CVE-2015-2571 CONFIRM
    oracle -- hyperion_smart_view_for_office | Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.x, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | 2015-04-16 | 4.6 | CVE-2015-2572 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | 2015-04-16 | 4.0 | CVE-2015-2573 CONFIRM
    palo_alto_networks -- traps | Multiple cross-site scripting (XSS) vulnerabilities in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request. | 2015-04-14 | 4.3 | CVE-2015-2223 MISC
    quassel-irc -- quassel | Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted message. | 2015-04-10 | 5.0 | CVE-2015-2779 CONFIRM MLIST MLIST MLIST SUSE
    tuxfamily -- chrony | Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder. | 2015-04-16 | 6.5 | CVE-2015-1821 MLIST DEBIAN
    tuxfamily -- chrony | chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests. | 2015-04-16 | 6.5 | CVE-2015-1822 MLIST DEBIAN
    wesnoth -- battle_for_wesnoth | The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | 2015-04-14 | 5.0 | CVE-2015-0844 DEBIAN CONFIRM CONFIRM
    zoneo-soft -- phptraffica | Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php. | 2015-04-14 | 4.3 | CVE-2015-2926 BUGTRAQ MISC

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apple -- iphone_os | AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. | 2015-04-10 | 1.9 | CVE-2015-1085 CONFIRM SECTRACK APPLE
    apple -- iphone_os | Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. | 2015-04-10 | 2.1 | CVE-2015-1087 CONFIRM SECTRACK APPLE
    apple -- apple_tv | IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | 2015-04-10 | 1.9 | CVE-2015-1094 CONFIRM CONFIRM SECTRACK APPLE APPLE
    apple -- apple_tv | IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | 2015-04-10 | 1.9 | CVE-2015-1096 CONFIRM CONFIRM CONFIRM SECTRACK APPLE APPLE APPLE
    apple -- apple_tv | IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | 2015-04-10 | 1.9 | CVE-2015-1097 CONFIRM CONFIRM SECTRACK APPLE APPLE
    apple -- iphone_os | The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. | 2015-04-10 | 2.1 | CVE-2015-1106 CONFIRM SECTRACK APPLE
    apple -- iphone_os | The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | 2015-04-10 | 1.9 | CVE-2015-1107 CONFIRM SECTRACK APPLE
    apple -- iphone_os | The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | 2015-04-10 | 2.1 | CVE-2015-1108 CONFIRM SECTRACK APPLE
    apple -- iphone_os | NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. | 2015-04-10 | 2.1 | CVE-2015-1109 CONFIRM SECTRACK APPLE
    apple -- iphone_os | The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. | 2015-04-10 | 1.9 | CVE-2015-1113 CONFIRM SECTRACK APPLE
    apple -- apple_tv | The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app. | 2015-04-10 | 1.9 | CVE-2015-1114 CONFIRM CONFIRM SECTRACK APPLE APPLE
    apple -- iphone_os | The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. | 2015-04-10 | 2.1 | CVE-2015-1116 CONFIRM SECTRACK APPLE
    apple -- safari | The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. | 2015-04-10 | 2.1 | CVE-2015-1127 CONFIRM SECTRACK APPLE
    apple -- mac_os_x | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. | 2015-04-10 | 2.1 | CVE-2015-1142 CONFIRM SECTRACK APPLE
    apple -- mac_os_x | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. | 2015-04-10 | 1.9 | CVE-2015-1145 CONFIRM SECTRACK APPLE
    apple -- mac_os_x | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. | 2015-04-10 | 1.9 | CVE-2015-1146 CONFIRM SECTRACK APPLE
    lixil -- my_satis_genius_toilet | The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort. | 2015-04-16 | 3.3 | CVE-2013-4866 MISC MISC MISC FULLDISC MISC MISC
    microsoft -- windows_8.1 | Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka "Windows Hyper-V DoS Vulnerability." | 2015-04-14 | 2.1 | CVE-2015-1647 MS
    microsoft -- .net_framework | ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability." | 2015-04-14 | 2.6 | CVE-2015-1648 MS
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents. | 2015-04-16 | 3.5 | CVE-2015-0451 CONFIRM
    oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via vectors related to PORTAL. | 2015-04-16 | 3.3 | CVE-2015-0453 CONFIRM
    oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2015-0487. | 2015-04-16 | 3.5 | CVE-2015-0472 CONFIRM
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0493. | 2015-04-16 | 1.5 | CVE-2015-0474 CONFIRM
    oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 2015-04-16 | 3.5 | CVE-2015-0485 CONFIRM
    oracle -- e-business_suite_amp | Unspecified vulnerability in the Application Management Pack for Oracle E-Business Suite component in Oracle E-Business Suite AMP 121030 and 121020 allows local users to affect confidentiality via vectors related to EBS Plugin. | 2015-04-16 | 1.2 | CVE-2015-0489 CONFIRM
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0474. | 2015-04-16 | 1.5 | CVE-2015-0493 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. | 2015-04-16 | 1.7 | CVE-2015-0498 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. | 2015-04-16 | 3.5 | CVE-2015-0499 CONFIRM
    oracle -- e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Error Messages. | 2015-04-16 | 2.6 | CVE-2015-0504 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | 2015-04-16 | 3.5 | CVE-2015-0505 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508. | 2015-04-16 | 3.5 | CVE-2015-0506 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. | 2015-04-16 | 3.5 | CVE-2015-0507 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | 2015-04-16 | 2.8 | CVE-2015-0511 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 2015-04-16 | 2.8 | CVE-2015-2566 CONFIRM
    oracle -- mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. | 2015-04-16 | 3.5 | CVE-2015-2567 CONFIRM
    oracle -- solaris | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities. | 2015-04-16 | 2.1 | CVE-2015-2574 CONFIRM
    oracle -- mysql | Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. | 2015-04-16 | 2.1 | CVE-2015-2576 CONFIRM
    oracle -- health_sciences_applications | Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Installer. | 2015-04-16 | 2.1 | CVE-2015-2579 CONFIRM
    shareaholic -- shareaholic | Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php. | 2015-04-14 | 3.5 | CVE-2014-9311 CONFIRM MISC MISC
    usaa -- mobile_banking | The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances. | 2015-04-16 | 2.1 | CVE-2015-1314 FULLDISC MISC MISC


  • SB15-103: Vulnerability Summary for the Week of April 6, 2015
    Original release date: April 13, 2015

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    antlabs -- inngate | The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | 2015-04-04 | 10.0 | CVE-2015-0932 CERT-VN CONFIRM MISC MISC
    apache -- subversion | The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. | 2015-04-08 | 7.8 | CVE-2015-0202 MANDRIVA CONFIRM
    apache -- cassandra | The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | 2015-04-03 | 7.5 | CVE-2015-0225 BUGTRAQ MLIST MISC
    apple -- apple_tv | IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. | 2015-04-10 | 7.2 | CVE-2015-1095 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
    apple -- apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. | 2015-04-10 | 7.1 | CVE-2015-1102 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
    apple -- apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. | 2015-04-10 | 7.5 | CVE-2015-1103 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
    apple -- mac_os_x | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | 2015-04-10 | 7.2 | CVE-2015-1130 CONFIRM APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1131 CONFIRM APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 10.0 | CVE-2015-1132 CONFIRM APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1133 CONFIRM APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. | 2015-04-10 | 7.2 | CVE-2015-1134 CONFIRM APPLE
    apple -- mac_os_x | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. | 2015-04-10 | 7.2 | CVE-2015-1135 CONFIRM APPLE
    apple -- mac_os_x | The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. | 2015-04-10 | 7.2 | CVE-2015-1137 CONFIRM APPLE
    apple -- mac_os_x | Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. | 2015-04-10 | 7.2 | CVE-2015-1140 CONFIRM APPLE
    apple -- mac_os_x | LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. | 2015-04-10 | 7.2 | CVE-2015-1143 CONFIRM APPLE
    apple -- mac_os_x | Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. | 2015-04-10 | 7.2 | CVE-2015-1144 CONFIRM APPLE
    apple -- xcode | Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. | 2015-04-10 | 7.5 | CVE-2015-1149 CONFIRM APPLE
    arj_software -- arj_archiver | Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. | 2015-04-08 | 7.5 | CVE-2015-2782 MLIST MLIST DEBIAN
    c-board_moyuku_project -- c-board_moyuku | Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name. | 2015-04-05 | 7.5 | CVE-2015-0877 CONFIRM JVNDB JVN
    ca -- spectrum | CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | 2015-04-07 | 9.0 | CVE-2015-2828 CONFIRM
    cisco -- unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062. | 2015-04-03 | 7.1 | CVE-2015-0612 SECTRACK CISCO
    cisco -- unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444. | 2015-04-03 | 7.1 | CVE-2015-0613 SECTRACK CISCO
    cisco -- unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. | 2015-04-03 | 7.1 | CVE-2015-0614 SECTRACK CISCO
    cisco -- unity_connection | The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089. | 2015-04-03 | 7.1 | CVE-2015-0615 SECTRACK CISCO
    cisco -- unity_connection | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819. | 2015-04-03 | 7.1 | CVE-2015-0616 SECTRACK CISCO
    cisco -- prime_data_center_network_manager | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. | 2015-04-03 | 7.8 | CVE-2015-0666 SECTRACK CISCO
    cisco -- ios_xe | Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070. | 2015-04-03 | 7.1 | CVE-2015-0688 SECTRACK CISCO
    gnu -- glibc | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. | 2015-04-08 | 7.5 | CVE-2015-1472 MLIST CONFIRM MLIST
    hidemaru -- editor | Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. | 2015-04-03 | 7.5 | CVE-2015-0903
    JVNDB
    JVN
    CONFIRM
    ibm -- rational_clearcaseThe MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.2015-04-059.4CVE-2014-6221
    CONFIRM
    SECTRACK
    ibm -- dominoThe LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM.2015-04-0510.0CVE-2015-0117
    CONFIRM
    SECTRACK
    ibm -- tivoli_storage_manager_fastbackFastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port.2015-04-057.5CVE-2015-0119
    CONFIRM
    ibm -- dominoBuffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.2015-04-0510.0CVE-2015-0134
    CONFIRM
    SECTRACK
    ibm -- dominoNotes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.2015-04-057.2CVE-2015-0179
    CONFIRM
    SECTRACK
    linux -- linux_kernelThe IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.2015-04-057.8CVE-2015-1465
    CONFIRM
    CONFIRM
    UBUNTU
    UBUNTU
    MLIST
    CONFIRM
    CONFIRM
    oxide_project -- oxideUse-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possible execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.2015-04-087.5CVE-2015-1317
    CONFIRM
    UBUNTU
    redhat -- openstackThe puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.2015-04-1010.0CVE-2015-1842
    CONFIRM
    REDHAT
    REDHAT
    simple_ads_manager_project -- simple_ads_managerMultiple SQL injection vulnerabilities in sam-ajax-admin.php in the Simple Ads Manager plugin 2.5.94 and 2.5.96 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action; the (2) cstr parameter in a load_posts action; the (3) searchTerm parameter in a load_combo_data action; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action.2015-04-067.5CVE-2015-2824
    BUGTRAQ
    BUGTRAQ
    FULLDISC
    FULLDISC
    MISC

    Medium Vulnerabilities

    | Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
    | --- | --- | --- | --- | --- |
    | apache -- subversion | The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. | 2015-04-08 | 5.0 | CVE-2015-0248, MANDRIVA, CONFIRM |
    | apache -- subversion | The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences. | 2015-04-08 | 4.0 | CVE-2015-0251, MANDRIVA, CONFIRM |
    | apache -- flex | Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. | 2015-04-07 | 4.3 | CVE-2015-1773, BUGTRAQ |
    | apple -- iphone_os | CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 2015-04-10 | 6.8 | CVE-2015-1088, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- iphone_os | CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-04-10 | 5.0 | CVE-2015-1089, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- iphone_os | CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | 2015-04-10 | 5.0 | CVE-2015-1090, CONFIRM, APPLE |
    | apple -- iphone_os | The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1091, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- apple_tv | NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-04-10 | 5.0 | CVE-2015-1092, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- iphone_os | FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 2015-04-10 | 6.8 | CVE-2015-1093, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- iphone_os | iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | 2015-04-10 | 6.8 | CVE-2015-1098, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- apple_tv | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. | 2015-04-10 | 5.0 | CVE-2015-1104, CONFIRM, CONFIRM, CONFIRM, APPLE, APPLE, APPLE |
    | apple -- apple_tv | The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. | 2015-04-10 | 5.0 | CVE-2015-1105, CONFIRM, CONFIRM, CONFIRM, APPLE, APPLE, APPLE |
    | apple -- apple_tv | The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. | 2015-04-10 | 5.0 | CVE-2015-1110, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- iphone_os | Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | 2015-04-10 | 5.0 | CVE-2015-1111, CONFIRM, APPLE |
    | apple -- safari | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. | 2015-04-10 | 5.0 | CVE-2015-1112, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- apple_tv | libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. | 2015-04-10 | 5.0 | CVE-2015-1118, CONFIRM, CONFIRM, CONFIRM, APPLE, APPLE, APPLE |
    | apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1119, CONFIRM, CONFIRM, CONFIRM, APPLE, APPLE, APPLE |
    | apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1120, CONFIRM, CONFIRM, CONFIRM, APPLE, APPLE, APPLE |
    | apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1121, CONFIRM, CONFIRM, CONFIRM, APPLE, APPLE, APPLE |
    | apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1122, CONFIRM, CONFIRM, CONFIRM, APPLE, APPLE, APPLE |
    | apple -- apple_tv | WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1123, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- apple_tv | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | 2015-04-10 | 6.8 | CVE-2015-1124, CONFIRM, CONFIRM, CONFIRM, APPLE, APPLE, APPLE |
    | apple -- iphone_os | The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1125, CONFIRM, APPLE |
    | apple -- safari | WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. | 2015-04-10 | 4.3 | CVE-2015-1126, CONFIRM, CONFIRM, APPLE, APPLE |
    | apple -- safari | The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. | 2015-04-10 | 5.0 | CVE-2015-1128, CONFIRM, APPLE |
    | apple -- safari | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | 2015-04-10 | 4.3 | CVE-2015-1129, CONFIRM, APPLE |
    | apple -- mac_os_x | Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. | 2015-04-10 | 6.8 | CVE-2015-1136, CONFIRM, APPLE |
    | apple -- mac_os_x | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | 2015-04-10 | 4.9 | CVE-2015-1138, CONFIRM, APPLE |
    | apple -- mac_os_x | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. | 2015-04-10 | 6.8 | CVE-2015-1139, CONFIRM, APPLE |
    | apple -- mac_os_x | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. | 2015-04-10 | 4.9 | CVE-2015-1141, CONFIRM, APPLE |
    | apple -- mac_os_x | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. | 2015-04-10 | 5.0 | CVE-2015-1147, CONFIRM, APPLE |
    | apple -- mac_os_x | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | 2015-04-10 | 5.0 | CVE-2015-1148, CONFIRM, APPLE |
    | arj_software -- arj_archiver | Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. | 2015-04-08 | 5.8 | CVE-2015-0556, CONFIRM, MLIST, MLIST, DEBIAN |
    | arj_software -- arj_archiver | Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. | 2015-04-08 | 5.8 | CVE-2015-0557, CONFIRM, MLIST, MLIST, DEBIAN |
    | bblog_project -- bblog | Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users. | 2015-04-07 | 6.8 | CVE-2015-0905, MISC, JVNDB, JVN |
    | cisco -- unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. | 2015-04-03 | 6.5 | CVE-2015-0682, SECTRACK, CISCO |
    | cisco -- unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | 2015-04-03 | 4.0 | CVE-2015-0683, SECTRACK, CISCO |
    | cisco -- unified_communications_domain_manager | SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | 2015-04-03 | 6.5 | CVE-2015-0684, SECTRACK, CISCO |
    | cisco -- wireless_lan_controller_software | Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. | 2015-04-06 | 4.3 | CVE-2015-0690, SECTRACK, CISCO |
    | emc -- powerpath_virtual_appliance | EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. | 2015-04-04 | 5.0 | CVE-2015-0529, BUGTRAQ, MISC |
    | ericsson -- drutt_mobile_service_delivery_platform | Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17) fromTime, (18) toTime, (19) sortDirection, (20) kword, (21) uname, (22) pname, (23) sname, (24) file, (25) atype, or (26) atitle parameter to (a) top-useragent-devices.jsp or (b) top-interest-areas.jsp; (27) fromDate, (28) toDate, (29) fromTime, (30) toTime, (31) sortDirection, (32) kword, (33) uname, (34) pname, (35) sname, (36) file, (37) atype, or (38) atitle parameter to top-message-services.jsp; (39) portal, (40) fromDate, (41) toDate, (42) fromTime, (43) toTime, (44) orderBy, (45) sortDirection, (46) kword, (47) uname, (48) pname, (49) sname, (50) file, (51) atype, or (52) atitle parameter to (a) user-statistics.jsp, (b) top-web-pages.jsp, (c) top-devices.jsp, (d) top-pages.jsp, (e) session-summary.jsp, (f) top-providers.jsp, (g) top-modules.jsp, or (h) top-services.jsp; (53) fromDate, (54) toDate, (55) fromTime, (56) toTime, (57) orderBy, (58) sortDirection, (59) uid, (60) uid2, (61) kword, (62) uname, (63) pname, (64) sname, (65) file, (66) atype, or (67) atitle parameter to message-shortcode-summary.jsp; (68) fromDate, (69) toDate, (70) fromTime, (71) toTime, (72) orderBy, (73) sortDirection, (74) uid, (75) kword, (76) uname, (77) pname, (78) sname, (79) file, (80) atype, or (81) atitle parameter to (a) message-providers-summary.jsp or (b) message-services-summary.jsp; (82) kword, (83) uname, (84) pname, (85) sname, (86) file, (87) atype, or (88) atitle parameter to license-summary.jsp; (89) portal, (90) fromDate, (91) toDate, (92) fromTime, (93) toTime, (94) orderBy, (95) sortDirection, (96) uid, (97) uid2, (98) kword, (99) uname, (100) pname, (101) sname, (102) file, (103) atype, or (104) atitle parameter to useragent-device-summary.jsp; (105) fromDate, (106) toDate, (107) fromTime, (108) toTime, (109) orderBy, (110) sortDirection, (111) kword, (112) uname, (113) pname, (114) sname, (115) file, (116) atype, or (117) atitle parameter to (a) top-message-providers.jsp, (b) top-message-devices.jsp, (c) top-message-assets.jsp, (d) top-message-downloads.jsp, or (e) top-message-shortcode.jsp; (118) fromDate, (119) toDate, (120) fromTime, (121) toTime, (122) kword, (123) uname, (124) pname, (125) sname, (126) file, (127) atype, or (128) atitle parameter to request-summary.jsp; (129) portal parameter to link-summary-select.jsp, (130) provider-summary-select.jsp, or (131) module-summary-select.jsp; (132) portal, (133) uid, (134) kword, (135) uname, (136) pname, (137) sname, (138) file, (139) atype, or (140) atitle parameter to link-summary.jsp; (141) portal, (142) fromDate, (143) toDate, (144) fromTime, (145) toTime, (146) orderBy, (147) sortDirection, (148) uid, (149) kword, (150) uname, (151) pname, (152) sname, (153) file, (154) atype, or (155) atitle parameter to (a) provider-summary.jsp or (b) module-summary.jsp in reports/pages/. | 2015-04-06 | 4.3 | CVE-2015-2165, MISC |
    | ericsson -- drutt_mobile_service_delivery_platform | Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. | 2015-04-06 | 5.0 | CVE-2015-2166, MISC |
    | ericsson -- drutt_mobile_service_delivery_platform | Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp. | 2015-04-06 | 5.8 | CVE-2015-2167, MISC |
    | gnu -- glibc | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. | 2015-04-08 | 6.4 | CVE-2015-1473, CONFIRM, MLIST |
    | ibm -- websphere_datapower_xc10_appliance_firmware | The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors. | 2015-04-05 | 6.8 | CVE-2015-1893, CONFIRM, SECTRACK, AIXAPAR |
    | mcafee -- advanced_threat_defense | McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | 2015-04-08 | 5.5 | CVE-2015-3028, CONFIRM |
    | mcafee -- advanced_threat_defense | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2015-04-08 | 4.0 | CVE-2015-3029, CONFIRM |
    | mcafee -- advanced_threat_defense | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | 2015-04-08 | 4.0 | CVE-2015-3030, CONFIRM |
    | mozilla -- firefox | The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy. | 2015-04-08 | 5.0 | CVE-2015-0798, CONFIRM, CONFIRM |
    | mozilla -- firefox | The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header. | 2015-04-08 | 4.3 | CVE-2015-0799, CONFIRM, CONFIRM |
    | ntp -- ntp | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | 2015-04-08 | 4.3 | CVE-2015-1799, CERT-VN, CONFIRM, CONFIRM |
    | pfsense -- pfsense | Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter. | 2015-04-10 | 6.8 | CVE-2015-2295, CONFIRM, MISC, BUGTRAQ, MISC |
    | qualiteam -- x-cart | Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter. | 2015-04-04 | 4.3 | CVE-2015-0950, CERT-VN, CONFIRM |
    | qualiteam -- x-cart | X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | 2015-04-04 | 6.5 | CVE-2015-0951, CERT-VN, CONFIRM |
    | quassel-irc -- quassel | Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. | 2015-04-10 | 5.0 | CVE-2015-2778, CONFIRM, MLIST, MLIST, MLIST, SUSE |
    | redhat -- docker | The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. | 2015-04-06 | 4.3 | CVE-2015-1843, CONFIRM, REDHAT |
    | saurus -- saurus_cms | Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-06 | 4.3 | CVE-2015-0876, CONFIRM, JVNDB, JVN |
    | schneider-electric -- vampset | Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. | 2015-04-03 | 4.4 | CVE-2014-8390, MISC, CONFIRM, BUGTRAQ, MISC |
    | siemens -- simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | 2015-04-05 | 6.8 | CVE-2015-1601, CONFIRM |
    | siemens -- wincc | Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. | 2015-04-08 | 4.3 | CVE-2015-2822, CONFIRM |
    | siemens -- wincc | Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. | 2015-04-08 | 6.8 | CVE-2015-2823, CONFIRM |

    Low Vulnerabilities

    | Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
    | --- | --- | --- | --- | --- |
    | apple -- iphone_os | AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. | 2015-04-10 | 1.9 | CVE-2015-1085, CONFIRM, APPLE |
    | apple -- iphone_os | Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. | 2015-04-10 | 2.1 | CVE-2015-1087, CONFIRM, APPLE |
    | apple -- iphone_os | The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. | 2015-04-10 | 2.1 | CVE-2015-1106, CONFIRM, APPLE |
    | apple -- iphone_os | The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | 2015-04-10 | 1.9 | CVE-2015-1107, CONFIRM, APPLE |
    | apple -- iphone_os | The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | 2015-04-10 | 2.1 | CVE-2015-1108, CONFIRM, APPLE |
    | apple -- iphone_os | NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. | 2015-04-10 | 2.1 | CVE-2015-1109, CONFIRM, APPLE |
    | apple -- iphone_os | The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. | 2015-04-10 | 2.1 | CVE-2015-1116, CONFIRM, APPLE |
    | apple -- safari | The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. | 2015-04-10 | 2.1 | CVE-2015-1127, CONFIRM, APPLE |
    | apple -- mac_os_x | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. | 2015-04-10 | 2.1 | CVE-2015-1142, CONFIRM, APPLE |
    | apple -- mac_os_x | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. | 2015-04-10 | 1.9 | CVE-2015-1145, CONFIRM, APPLE |
    | apple -- mac_os_x | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. | 2015-04-10 | 1.9 | CVE-2015-1146, CONFIRM, APPLE |
    | ca -- spectrum | Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-07 | 3.5 | CVE-2015-2827, CONFIRM |
    | freebsd -- freebsd | The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. | 2015-04-10 | 2.1 | CVE-2015-1415, FREEBSD, SECTRACK, BUGTRAQ, MISC |
    | hp -- intelligent_provisioning | Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. | 2015-04-03 | 2.1 | CVE-2015-2111, HP |
    | ibm -- general_parallel_file_system | /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | 2015-04-05 | 3.5 | CVE-2015-1890, CONFIRM |
    | ntp -- ntp | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. | 2015-04-08 | 1.8 | CVE-2015-1798, CERT-VN, CONFIRM, CONFIRM |
    | siemens -- simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files. | 2015-04-05 | 2.1 | CVE-2015-1602, CONFIRM |
    | xen -- xen | drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. | 2015-04-05 | 2.1 | CVE-2015-0777 |
    CONFIRM
    SUSE


  • SB15-096: Vulnerability Summary for the Week of March 30, 2015
    Original release date: April 06, 2015

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apache -- cassandra | The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | 2015-04-03 | 7.5 | CVE-2015-0225, MLIST, MISC
    cisco -- nx-os | The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. | 2015-03-27 | 7.9 | CVE-2015-0658, SECTRACK, CISCO
    cisco -- prime_data_center_network_manager | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. | 2015-04-03 | 7.8 | CVE-2015-0666, CISCO
    cisco -- ios_xe | Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. | 2015-04-02 | 7.8 | CVE-2015-0685, CISCO
    debian -- cifs-utils | Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. | 2015-03-31 | 10.0 | CVE-2014-2830, MLIST, CONFIRM, CONFIRM, CONFIRM, MANDRIVA, MLIST, CONFIRM
    dulwich_project -- dulwich | The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree. | 2015-03-31 | 7.5 | CVE-2014-9706, MLIST, CONFIRM, MLIST, MLIST, DEBIAN
    dulwich_project -- dulwich | Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. | 2015-03-31 | 7.5 | CVE-2015-0838, MLIST, DEBIAN
    egroupware -- egroupware | eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php. | 2015-03-31 | 7.5 | CVE-2014-2027, MLIST, MANDRIVA, CONFIRM, MLIST, CONFIRM
    embedthis -- goahead | EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI. | 2015-03-31 | 7.5 | CVE-2014-9707, CONFIRM, CONFIRM, BUGTRAQ, FULLDISC, MISC
    emc -- isilon_onefs | The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. | 2015-03-29 | 7.2 | CVE-2015-0528, BUGTRAQ, MISC
    file_project -- file | readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. | 2015-03-30 | 7.5 | CVE-2014-9653, CONFIRM, DEBIAN, CONFIRM, MLIST, MLIST, CONFIRM
    gnome -- byzanz | The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command. | 2015-03-29 | 7.5 | CVE-2015-2785, CONFIRM, MISC, MLIST
    google -- chrome | Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. | 2015-04-01 | 7.5 | CVE-2015-1233, CONFIRM, CONFIRM
    hidemaru -- editor | Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. | 2015-04-03 | 7.5 | CVE-2015-0903, JVNDB, JVN, CONFIRM
    hp -- integrated_lights-out_2_firmware | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. | 2015-03-31 | 10.0 | CVE-2014-7876, HP, SECTRACK
    hp -- operations_orchestration | Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. | 2015-03-31 | 7.5 | CVE-2015-2109, HP
    johnsoncontrols -- metsys | Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script. | 2015-03-29 | 10.0 | CVE-2014-5428, MISC
    mercurial -- mercurial | The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. | 2015-03-31 | 7.5 | CVE-2014-9462, OSVDB, CONFIRM, SUSE, MISC
    microsys -- promotic | Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. | 2015-03-29 | 7.5 | CVE-2014-9205, MISC, MISC, CONFIRM
    mozilla -- firefox | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | 2015-04-01 | 7.5 | CVE-2015-0801, CONFIRM, CONFIRM
    mozilla -- firefox | The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document. | 2015-04-01 | 7.5 | CVE-2015-0803, CONFIRM, CONFIRM
    mozilla -- firefox | The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element. | 2015-04-01 | 7.5 | CVE-2015-0804, CONFIRM, CONFIRM
    mozilla -- firefox | The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content. | 2015-04-01 | 7.5 | CVE-2015-0805, CONFIRM, CONFIRM
    mozilla -- firefox | The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content. | 2015-04-01 | 7.5 | CVE-2015-0806, CONFIRM, CONFIRM
    mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-04-01 | 7.5 | CVE-2015-0814, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
    mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-04-01 | 7.5 | CVE-2015-0815, CONFIRM, CONFIRM, CONFIRM, CONFIRM
    mybb -- mybb | Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders." | 2015-03-29 | 10.0 | CVE-2015-2786, CONFIRM
    nih -- libzip | Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. | 2015-03-30 | 7.5 | CVE-2015-2331, CONFIRM, SECTRACK, DEBIAN, CONFIRM, SUSE, CONFIRM, CONFIRM
    pbm212030_project -- pbm212030 | Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based buffer." | 2015-03-29 | 7.5 | CVE-2013-7438, CONFIRM, CONFIRM, MLIST
    php -- php | Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. | 2015-03-30 | 7.5 | CVE-2014-9705, MISC, CONFIRM, UBUNTU, DEBIAN, CONFIRM, MLIST
    php -- php | Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. | 2015-03-30 | 7.5 | CVE-2015-0273, CONFIRM, CONFIRM, UBUNTU, DEBIAN, CONFIRM, SUSE, SUSE, SUSE, CONFIRM
    php -- php | Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2015-03-30 | 7.5 | CVE-2015-1351, CONFIRM, MLIST, CONFIRM
    php -- php | Multiple integer overflows in the calendar extension in PHP through 5.6.7 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted year value to (1) the GregorianToSdn function in gregor.c or (2) the JulianToSdn function in julian.c, as demonstrated by a crafted third argument to the gregoriantojd or juliantojd function. | 2015-03-30 | 7.5 | CVE-2015-1353, MISC, MLIST
    php -- php | Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. | 2015-03-30 | 7.5 | CVE-2015-2301, CONFIRM, CONFIRM, UBUNTU, DEBIAN, CONFIRM, MLIST, CONFIRM
    php -- php | Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. | 2015-03-30 | 7.5 | CVE-2015-2787, CONFIRM, CONFIRM, CONFIRM
    redhat -- slapi-nis | The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups. | 2015-03-30 | 7.8 | CVE-2015-0283, CONFIRM, CONFIRM, REDHAT
    sap -- afaria | The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | 2015-04-01 | 7.5 | CVE-2015-2816, MISC
    selinux -- setroubleshoot | The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. | 2015-03-30 | 10.0 | CVE-2015-1815, MISC, CONFIRM, CONFIRM, MLIST, REDHAT
    slimframework -- slim | Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. | 2015-03-30 | 7.5 | CVE-2015-2171, CONFIRM, CONFIRM, FULLDISC
    websense -- triton_ap_email | Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703. | 2015-03-27 | 10.0 | CVE-2015-2763, CONFIRM
    websense -- triton_ap_email | Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled." | 2015-03-27 | 10.0 | CVE-2015-2767, CONFIRM
    websense -- v-series_appliances | SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors. | 2015-03-27 | 7.5 | CVE-2015-2772, CONFIRM
    wpml -- wpml | The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter. | 2015-03-30 | 7.5 | CVE-2015-2792, CONFIRM, FULLDISC, MISC, MISC
    xen -- xen | Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | 2015-04-01 | 7.1 | CVE-2015-2751, CONFIRM

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    ab_google_map_travel_project -- ab_google_map_travel | Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php. | 2015-04-01 | 6.8 | CVE-2015-2755, CONFIRM, BUGTRAQ, BUGTRAQ, MISC, MISC
    apple -- safari | The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. | 2015-03-31 | 4.3 | CVE-2015-2808, MISC
    cisco -- wireless_lan_controller | The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. | 2015-03-27 | 6.1 | CVE-2015-0679, SECTRACK, CISCO
    cisco -- unified_callmanager | Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. | 2015-03-27 | 4.0 | CVE-2015-0680, SECTRACK, CISCO
    cisco -- unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. | 2015-04-03 | 6.5 | CVE-2015-0682, CISCO
    cisco -- unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | 2015-04-03 | 4.0 | CVE-2015-0683, CISCO
    cisco -- unified_communications_domain_manager | SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | 2015-04-03 | 6.5 | CVE-2015-0684, CISCO
    cisco -- nx-os | The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240. | 2015-04-02 | 6.3 | CVE-2015-0686, CISCO
    cisco -- ios | The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574. | 2015-04-02 | 6.3 | CVE-2015-0687, CISCO
    citrix -- netscaler | Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | 2015-04-03 | 6.8 | CVE-2015-2838, MISC, BUGTRAQ, FULLDISC, MISC
    citrix -- netscaler | The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | 2015-04-03 | 4.3 | CVE-2015-2839, MISC, BUGTRAQ, FULLDISC, MISC
    citrix -- netscaler | Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. | 2015-04-03 | 4.3 | CVE-2015-2840, MISC, BUGTRAQ, FULLDISC, MISC
    citrix -- netscaler | Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. | 2015-04-03 | 5.0 | CVE-2015-2841, SECTRACK, FULLDISC
    dokuwiki -- dokuwiki | DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permission for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. | 2015-03-30 | 6.5 | CVE-2015-2172, CONFIRM, CONFIRM, CONFIRM, MLIST, FEDORA, FEDORA, FEDORA, CONFIRM
    ecava -- integraxor | Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. | 2015-04-03 | 4.4 | CVE-2015-0990, MISC
    embedthis -- appweb | Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". | 2015-03-31 | 5.0 | CVE-2014-9708, CONFIRM, CONFIRM, BUGTRAQ, FULLDISC, MISC
    file_project -- file | The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. | 2015-03-30 | 5.0 | CVE-2014-9652, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MLIST, SUSE, SUSE, SUSE, CONFIRM
    flashy_project -- flashy | Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-31 | 4.3 | CVE-2015-0901, JVNDB, JVN
    foxitsoftware -- reader | Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | 2015-03-30 | 4.4 | CVE-2015-2789, CONFIRM, MISC, SECTRACK, EXPLOIT-DB, MISC
    foxitsoftware -- enterprise_reader | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. | 2015-03-30 | 4.3 | CVE-2015-2790, CONFIRM, CONFIRM, SECTRACK, SECTRACK, MISC, MISC
    freeipa -- freeipa | The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. | 2015-03-30 | 5.0 | CVE-2015-1827, CONFIRM, CONFIRM, REDHAT
    gaia-gis -- freexl | FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. | 2015-03-31 | 6.8 | CVE-2015-2753, CONFIRM, MLIST, MLIST, DEBIAN
    gaia-gis -- freexl | FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." | 2015-03-31 | 6.8 | CVE-2015-2754, CONFIRM, MLIST, MLIST
    gaia-gis -- freexl | The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. | 2015-03-31 | 4.3 | CVE-2015-2776, CONFIRM, MLIST, MLIST, MLIST, DEBIAN
    gnu -- glibc | DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. | 2015-03-27 | 5.0 | CVE-2014-8121, MLIST, CONFIRM, REDHAT
    google -- bionic | The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2015-0800. | 2015-04-01 | 5.0 | CVE-2012-2808, MISC, MISC
    google -- chrome | Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. | 2015-04-01 | 6.8 | CVE-2015-1234, CONFIRM, CONFIRM, CONFIRM
    honeywell -- excel_web_xl_1000c1000_600_i/oDirectory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.2015-03-305.0CVE-2015-0984
    MISC
    hospira -- mednetHospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.2015-04-035.0CVE-2014-5403
    MISC
    hospira -- mednetHospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.2015-04-034.0CVE-2014-5405
    MISC
    hp -- integrated_lights-out_2_firmwareUnspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.2015-03-316.4CVE-2015-2106
    HP
    SECTRACK
    ibm -- security_access_manager_for_web_7.0_firmwareThe Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.2015-03-315.0CVE-2015-1892
    CERT-VN
    CONFIRM
    AIXAPAR
    AIXAPAR
    icoasoft -- potraceMultiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.2015-03-295.0CVE-2013-7437
    MISC
    MISC
    MLIST
    inductiveautomation -- ignition | Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-03 | 4.3 | CVE-2015-0976 (MISC)
    inductiveautomation -- ignition | Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. | 2015-04-03 | 5.0 | CVE-2015-0991 (MISC)
    inductiveautomation -- ignition | Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | 2015-04-03 | 6.4 | CVE-2015-0993 (MISC)
    inductiveautomation -- ignition | Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. | 2015-04-03 | 4.0 | CVE-2015-0994 (MISC)
    inductiveautomation -- ignition | Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | 2015-04-03 | 5.0 | CVE-2015-0995 (MISC)
    johnsoncontrols -- metsys | Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request. | 2015-03-29 | 5.0 | CVE-2014-5427 (MISC)
    libgd -- libgd | The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. | 2015-03-30 | 5.0 | CVE-2014-9709 (CONFIRM, CONFIRM, CONFIRM, CONFIRM)
    mcafee -- data_loss_prevention_endpoint | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors. | 2015-03-27 | 4.0 | CVE-2015-2757 (CONFIRM)
    mcafee -- data_loss_prevention_endpoint | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. | 2015-03-27 | 6.5 | CVE-2015-2758 (CONFIRM)
    mcafee -- data_loss_prevention_endpoint | Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. | 2015-03-27 | 6.8 | CVE-2015-2759 (CONFIRM)
    mongodb -- mongodb | MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | 2015-03-30 | 5.0 | CVE-2015-1609 (CONFIRM, FEDORA, FEDORA)
    mozilla -- firefox | The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808. | 2015-04-01 | 5.0 | CVE-2015-0800 (CONFIRM, CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods. | 2015-04-01 | 5.0 | CVE-2015-0802 (CONFIRM, CONFIRM)
    mozilla -- firefox | The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. | 2015-04-01 | 6.8 | CVE-2015-0807 (CONFIRM, CONFIRM)
    mozilla -- firefox | The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | 2015-04-01 | 5.0 | CVE-2015-0808 (CONFIRM, CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. | 2015-04-01 | 4.3 | CVE-2015-0810 (CONFIRM, CONFIRM)
    mozilla -- firefox | The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation. | 2015-04-01 | 6.4 | CVE-2015-0811 (CONFIRM, CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain. | 2015-04-01 | 4.3 | CVE-2015-0812 (CONFIRM, CONFIRM)
    mozilla -- firefox | Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. | 2015-04-01 | 5.1 | CVE-2015-0813 (CONFIRM, CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. | 2015-04-01 | 5.0 | CVE-2015-0816 (CONFIRM, CONFIRM)
    nishishi -- fumy_teachers_schedule_board | Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-03-31 | 4.3 | CVE-2015-0900 (CONFIRM, JVNDB, JVN, CONFIRM)
    openldap -- openldap | The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors. | 2015-04-01 | 4.0 | CVE-2014-9713 (CONFIRM, MLIST, DEBIAN)
    openstack -- compute | OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. | 2015-04-01 | 5.1 | CVE-2015-0259 (CONFIRM, MLIST)
    pfsense -- pfsense | Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php. | 2015-04-01 | 4.3 | CVE-2015-2294 (CONFIRM, MISC, BUGTRAQ, MISC)
    php -- php | The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. | 2015-03-30 | 4.6 | CVE-2013-6501 (CONFIRM, SUSE)
    php -- php | The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. | 2015-03-30 | 5.0 | CVE-2015-1352 (CONFIRM, MLIST, CONFIRM)
    php -- php | The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | 2015-03-30 | 5.0 | CVE-2015-2348 (CONFIRM, CONFIRM, CONFIRM)
    rockwellautomation -- factorytalk_services_platform | Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 2015-03-30 | 6.9 | CVE-2014-9209 (MISC, MISC)
    rxspencer_project -- rxspencer | Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. | 2015-03-30 | 6.8 | CVE-2015-2305 (CERT-VN, MISC, DEBIAN, MLIST, MLIST)
    sap -- netweaver_enterprise_portal | XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | 2015-04-01 | 5.0 | CVE-2015-2811 (MISC)
    sap -- netweaver_enterprise_portal | XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. | 2015-04-01 | 5.0 | CVE-2015-2812 (MISC)
    sap -- mobile_platform | XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | 2015-04-01 | 5.0 | CVE-2015-2813 (MISC)
    sap -- clinical_task_tracker | SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | 2015-04-01 | 6.4 | CVE-2015-2814 (MISC)
    sap -- netweaver | Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | 2015-04-01 | 6.5 | CVE-2015-2815 (MISC)
    sap -- netweaver | The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | 2015-04-01 | 5.0 | CVE-2015-2817 (MISC)
    sap -- mobile_platform | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | 2015-04-01 | 5.0 | CVE-2015-2818 (MISC)
    sap -- sybase_sql_anywhere | SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | 2015-04-01 | 5.0 | CVE-2015-2819 (MISC)
    sap -- afaria | Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | 2015-04-01 | 5.0 | CVE-2015-2820 (MISC)
    schneider-electric -- vampset | Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. | 2015-04-03 | 4.4 | CVE-2014-8390 (MISC, CONFIRM)
    schneider_electric -- indusoft_web_studio | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack. | 2015-03-29 | 5.0 | CVE-2015-0997 (MISC, CONFIRM, CONFIRM)
    semperfiwebdesign -- all_in_one_seo_pack | The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code. | 2015-04-03 | 5.0 | CVE-2015-0902 (CONFIRM, JVNDB, JVN)
    shibboleth -- shibboleth-sp | Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | 2015-03-31 | 4.0 | CVE-2015-2684 (CONFIRM, DEBIAN)
    synology -- diskstation_manager | The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. | 2015-03-31 | 5.0 | CVE-2015-2809 (CONFIRM, CERT-VN)
    typo3 -- neos | TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | 2015-04-01 | 6.5 | CVE-2015-2821 (CONFIRM)
    websense -- v-series_appliances | Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allows remote administrators to read arbitrary files and obtain passwords via a crafted path. | 2015-03-27 | 4.0 | CVE-2014-9712 (CONFIRM, CONFIRM)
    websense -- triton_ap_web | Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-27 | 4.3 | CVE-2015-2761 (CONFIRM)
    websense -- triton_ap_web | Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | 2015-03-27 | 5.0 | CVE-2015-2762 (CONFIRM)
    websense -- triton_ap_data | Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog. | 2015-03-27 | 4.3 | CVE-2015-2764 (CONFIRM)
    websense -- triton_ap_email | The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2015-03-27 | 4.3 | CVE-2015-2765 (CONFIRM)
    websense -- triton_ap_email | The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | 2015-03-27 | 5.0 | CVE-2015-2766 (CONFIRM)
    websense -- triton_ap_email | Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-27 | 4.3 | CVE-2015-2768 (CONFIRM)
    websense -- triton_ap_email | Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-03-27 | 6.8 | CVE-2015-2769 (CONFIRM)
    websense -- v-series_appliances | Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8.0.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-03-27 | 6.8 | CVE-2015-2770 (CONFIRM)
    websense -- triton_ap_email | The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2015-03-27 | 5.0 | CVE-2015-2771 (CONFIRM)
    websense -- v-series_appliances | SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors. | 2015-03-27 | 5.0 | CVE-2015-2773 (CONFIRM)
    wpml -- wpml | The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. | 2015-03-30 | 6.4 | CVE-2015-2791 (CONFIRM, BUGTRAQ, FULLDISC, MISC, MISC)
    xen -- xen | The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptable, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | 2015-04-01 | 4.9 | CVE-2015-2752 (CONFIRM)
    xen -- xen | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | 2015-04-01 | 4.9 | CVE-2015-2756 (CONFIRM, MLIST)
    xzeres -- 442sr | Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request. | 2015-03-30 | 6.8 | CVE-2015-0985 (MISC)

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    greenend -- putty | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | 2015-03-27 | 2.1 | CVE-2015-2157 (CONFIRM, CONFIRM, MLIST, MLIST, DEBIAN, SUSE, FEDORA, FEDORA, FEDORA)
    hospira -- mednet | The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file. | 2015-04-03 | 2.1 | CVE-2014-5400 (MISC)
    hp -- operations_orchestration | Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. | 2015-03-31 | 3.5 | CVE-2015-2108 (HP, SECTRACK)
    inductiveautomation -- ignition | Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | 2015-04-03 | 2.1 | CVE-2015-0992 (MISC)
    mcafee -- data_loss_prevention_endpoint | Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-27 | 3.5 | CVE-2015-2760 (CONFIRM)
    schneider_electric -- indusoft_web_studio | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. | 2015-03-29 | 2.1 | CVE-2015-0996 (MISC, CONFIRM, CONFIRM)
    schneider_electric -- indusoft_web_studio | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 2015-03-29 | 3.3 | CVE-2015-0998 (MISC, CONFIRM, CONFIRM)
    schneider_electric -- indusoft_web_studio | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file. | 2015-03-29 | 2.1 | CVE-2015-0999 (MISC, CONFIRM, CONFIRM)

    This product is provided subject to this Notification and this Privacy & Use policy.


CERT Technical Feed

US-CERT Alerts
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • TA15-105A: Simda Botnet
    Original release date: April 15, 2015

    Systems Affected

    Microsoft Windows

    Overview

    The Simda botnet – a network of computers infected with self-propagating malware – has compromised more than 770,000 computers worldwide [1].

    The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations.

    Description

    Since 2009, cyber criminals have been targeting computers with unpatched software and compromising them with Simda malware [2]. This malware may re-route a user’s Internet traffic to websites under criminal control or can be used to install additional malware. 

    The malicious actors control the network of compromised systems (botnet) through backdoors, giving them remote access to carry out additional attacks or to “sell” control of the botnet to other criminals [1]. The backdoors also morph their presence every few hours, allowing low anti-virus detection rates and the means for stealthy operation [3].    

    Impact

    A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.

    Solution

    Users are recommended to take the following actions to remediate Simda infections:

    • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
    • Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
    • Keep your operating system and application software up-to-date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
    • Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of Simda from your system.

          Kaspersky Lab: http://www.kaspersky.com/security-scan
          Microsoft: http://www.microsoft.com/security/scanner/en-us/default.aspx
          Trend Micro: http://housecall.trendmicro.com/

    • Check to see if your system is infected – The link below offers a simplified check for beginners and a manual check for experts.

          Cyber Defense Institute: http://www.cyberdefense.jp/simda/

    The above are examples only and do not constitute an exhaustive list. The U.S. government does not endorse or support any particular product or vendor.

    References

    Revision History

    • April 15, 2015: Initial Release



  • TA15-103A: DNS Zone Transfer AXFR Requests May Leak Domain Information
    Original release date: April 13, 2015 | Last revised: April 15, 2015

    Systems Affected

    Misconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range (AXFR) requests.

    Overview

    A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.

    Description

    AXFR is a protocol for “zone transfers” for replication of DNS data across multiple DNS servers. Unlike normal DNS queries that require the user to know some DNS information ahead of time, AXFR queries reveal resource records including subdomain names [1]. Because a zone transfer is a single query, it could be used by an adversary to efficiently obtain DNS data.  

    A well-known problem with DNS is that zone transfer requests can disclose domain information; for example, see CVE-1999-0532 and a 2002 CERT/CC white paper [2][3]. However, the issue has regained attention due to recent Internet scans still showing a large number of misconfigured DNS servers. Open-source, tested scripts are now available to scan for the possible exposure, increasing the likelihood of exploitation [4].

    Impact

    A remote unauthenticated user may observe internal network structure, learning information useful for other directed attacks.

    Solution

    Configure your DNS server to respond only to zone transfer (AXFR) requests from known IP addresses. Many open-source resources give instructions on reconfiguring your DNS server. For example, see this AXFR article for information on testing and fixing the configuration of a BIND DNS server. US-CERT does not endorse or support any particular product or vendor.
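    The following is an added example, not part of the US-CERT alert or of BIND: a small Python audit that reads a BIND-style named.conf and reports, per zone, whether allow-transfer is open, restricted to named hosts, closed, or not set at all. The sample configuration, zone names and addresses are constructed for illustration; the parser assumes zones are declared at the top level (no view blocks) and that comment markers do not appear inside quoted strings.

```python
import re

# Constructed sample named.conf (documentation addresses and example domains).
SAMPLE_CONF = r'''
options {
    directory "/var/named";
    // no global allow-transfer is set here
};

acl "secondaries" { 192.0.2.53; 198.51.100.53; };

zone "example.com" {          # weak: any host may request the zone
    type master;
    file "example.com.zone";
    allow-transfer { any; };
};

zone "example.net" {          # corrected: only the known secondaries
    type master;
    file "example.net.zone";
    allow-transfer { secondaries; };
};

zone "example.org" {          # nothing set: falls back to the options block
    type master;
    file "example.org.zone";
};
'''

_ACL = re.compile(r"allow-transfer\s*\{([^{}]*)\}")


def _strip_comments(text):
    """Remove /* */, // and # comments (simplified: ignores quoting)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def _blocks(text):
    """Yield (header, body) for every top-level `header { body };` statement."""
    depth, start, open_at = 0, 0, None
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                open_at = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield text[start:open_at].strip(), text[open_at + 1:i]
        elif ch == ";" and depth == 0:
            start = i + 1


def _acl(body):
    """Return the allow-transfer match list in a block, or None if absent."""
    m = _ACL.search(body)
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]


def _classify(acl):
    if acl is None:
        return "unset"        # behaviour then depends on the server's default
    if "any" in acl:
        return "open"
    if all(e == "none" for e in acl):
        return "closed"
    return "restricted"


def audit_transfers(conf_text):
    """Map zone name -> (status, where the setting came from, match list)."""
    global_acl, zones = None, []
    for header, body in _blocks(_strip_comments(conf_text)):
        if header == "options":
            global_acl = _acl(body)
        else:
            m = re.match(r'zone\s+"([^"]+)"', header)
            if m:
                zones.append((m.group(1), body))
    report = {}
    for name, body in zones:
        ztype = re.search(r"\btype\s+([\w-]+)\s*;", body)
        if ztype and ztype.group(1) in ("hint", "forward"):
            continue          # these zone types are skipped by this audit
        acl, source = _acl(body), "zone"
        if acl is None:
            acl, source = global_acl, "options"
        report[name] = (_classify(acl), source, acl)
    return report


if __name__ == "__main__":
    for zone, (status, source, acl) in audit_transfers(SAMPLE_CONF).items():
        print(f"{zone:12} {status:10} (from {source}) {acl}")
```

    Zones reported as open or unset are the ones to review first; an unset zone inherits whatever the installed server version does by default, so set allow-transfer explicitly.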

    References

    Revision History

    • April 13, 2015: Initial Release



  • TA15-098A: AAEH
    Original release date: April 09, 2015

    Systems Affected

    • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
    • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

    Overview

    AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.

    The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations.

    Description

    AAEH is often propagated across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files. Also known as VObfus, VBObfus, Beebone or Changeup, the polymorphic malware has the ability to change its form with every infection. AAEH is a polymorphic downloader with more than 2 million unique samples. Once installed, it morphs every few hours and rapidly spreads across the network.  AAEH has been used to download other malware families, such as Zeus, Cryptolocker, ZeroAccess, and Cutwail.

    Impact

    A system infected with AAEH may be employed to distribute malicious software, harvest users' credentials for online services, including banking services, and extort money from users by encrypting key files and then demanding payment in order to return the files to a readable state. AAEH is capable of defeating anti-virus products by blocking connections to IP addresses associated with Internet security companies and by preventing anti-virus tools from running on infected machines.  

    Solution

    Users are recommended to take the following actions to remediate AAEH infections:

    References

    Revision History

    • April 9, 2015: Initial Release


