SB15-103: Vulnerability Summary for the Week of April 6, 2015

"US-CERT" <US-CERT@xxxxxxxxxxxxxxxx> · Mon, 13 Apr 2015 11:49:42 -0500

Title:     SB15-103: Vulnerability Summary for the Week of April 6, 2015

  National Cyber Awareness System:

SB15-103: Vulnerability Summary for the Week of April 6, 2015
04/13/2015 11:34 AM EDT

Original release date: April 13, 2015 

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info

antlabs -- inngate
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.
2015-04-04
10.0
CVE-2015-0932
CERT-VN
CONFIRM
MISC
MISC

apache -- subversion
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.
2015-04-08
7.8
CVE-2015-0202
MANDRIVA
CONFIRM

apache -- cassandra
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
2015-04-03
7.5
CVE-2015-0225
BUGTRAQ
MLIST
MISC

apple -- apple_tv
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
2015-04-10
7.2
CVE-2015-1095
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- apple_tv
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
2015-04-10
7.1
CVE-2015-1102
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- apple_tv
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.
2015-04-10
7.5
CVE-2015-1103
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- mac_os_x
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
2015-04-10
7.2
CVE-2015-1130
CONFIRM
APPLE

apple -- mac_os_x
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
2015-04-10
7.2
CVE-2015-1131
CONFIRM
APPLE

apple -- mac_os_x
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
2015-04-10
10.0
CVE-2015-1132
CONFIRM
APPLE

apple -- mac_os_x
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.
2015-04-10
7.2
CVE-2015-1133
CONFIRM
APPLE

apple -- mac_os_x
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.
2015-04-10
7.2
CVE-2015-1134
CONFIRM
APPLE

apple -- mac_os_x
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
2015-04-10
7.2
CVE-2015-1135
CONFIRM
APPLE

apple -- mac_os_x
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.
2015-04-10
7.2
CVE-2015-1137
CONFIRM
APPLE

apple -- mac_os_x
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
2015-04-10
7.2
CVE-2015-1140
CONFIRM
APPLE

apple -- mac_os_x
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.
2015-04-10
7.2
CVE-2015-1143
CONFIRM
APPLE

apple -- mac_os_x
Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.
2015-04-10
7.2
CVE-2015-1144
CONFIRM
APPLE

apple -- xcode
Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion.
2015-04-10
7.5
CVE-2015-1149
CONFIRM
APPLE

arj_software -- arj_archiver
Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.
2015-04-08
7.5
CVE-2015-2782
MLIST
MLIST
DEBIAN

c-board_moyuku_project -- c-board_moyuku
Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a   character in its name.
2015-04-05
7.5
CVE-2015-0877
CONFIRM
JVNDB
JVN

ca -- spectrum
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.
2015-04-07
9.0
CVE-2015-2828
CONFIRM

cisco -- unity_connection
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062.
2015-04-03
7.1
CVE-2015-0612
SECTRACK
CISCO

cisco -- unity_connection
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444.
2015-04-03
7.1
CVE-2015-0613
SECTRACK
CISCO

cisco -- unity_connection
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267.
2015-04-03
7.1
CVE-2015-0614
SECTRACK
CISCO

cisco -- unity_connection
The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089.
2015-04-03
7.1
CVE-2015-0615
SECTRACK
CISCO

cisco -- unity_connection
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819.
2015-04-03
7.1
CVE-2015-0616
SECTRACK
CISCO

cisco -- prime_data_center_network_manager
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.
2015-04-03
7.8
CVE-2015-0666
SECTRACK
CISCO

cisco -- ios_xe
Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.
2015-04-03
7.1
CVE-2015-0688
SECTRACK
CISCO

gnu -- glibc
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
2015-04-08
7.5
CVE-2015-1472
MLIST
CONFIRM
MLIST

hidemaru -- editor
Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file.
2015-04-03
7.5
CVE-2015-0903
JVNDB
JVN
CONFIRM

ibm -- rational_clearcase
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
2015-04-05
9.4
CVE-2014-6221
CONFIRM
SECTRACK

ibm -- domino
The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM.
2015-04-05
10.0
CVE-2015-0117
CONFIRM
SECTRACK

ibm -- tivoli_storage_manager_fastback
FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port.
2015-04-05
7.5
CVE-2015-0119
CONFIRM

ibm -- domino
Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.
2015-04-05
10.0
CVE-2015-0134
CONFIRM
SECTRACK

ibm -- domino
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.
2015-04-05
7.2
CVE-2015-0179
CONFIRM
SECTRACK

linux -- linux_kernel
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.
2015-04-05
7.8
CVE-2015-1465
CONFIRM
CONFIRM
UBUNTU
UBUNTU
MLIST
CONFIRM
CONFIRM

oxide_project -- oxide
Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possible execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.
2015-04-08
7.5
CVE-2015-1317
CONFIRM
UBUNTU

redhat -- openstack
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
2015-04-10
10.0
CVE-2015-1842
CONFIRM
REDHAT
REDHAT

simple_ads_manager_project -- simple_ads_manager
Multiple SQL injection vulnerabilities in sam-ajax-admin.php in the Simple Ads Manager plugin 2.5.94 and 2.5.96 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action; the (2) cstr parameter in a load_posts action; the (3) searchTerm parameter in a load_combo_data action; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action.
2015-04-06
7.5
CVE-2015-2824
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
MISC

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info

apache -- subversion
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
2015-04-08
5.0
CVE-2015-0248
MANDRIVA
CONFIRM

apache -- subversion
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
2015-04-08
4.0
CVE-2015-0251
MANDRIVA
CONFIRM

apache -- flex
Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to _javascript_ code generated by the asdoc component.
2015-04-07
4.3
CVE-2015-1773
BUGTRAQ

apple -- iphone_os
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
2015-04-10
6.8
CVE-2015-1088
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
2015-04-10
5.0
CVE-2015-1089
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
2015-04-10
5.0
CVE-2015-1090
CONFIRM
APPLE

apple -- iphone_os
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
2015-04-10
4.3
CVE-2015-1091
CONFIRM
CONFIRM
APPLE
APPLE

apple -- apple_tv
NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
2015-04-10
5.0
CVE-2015-1092
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
2015-04-10
6.8
CVE-2015-1093
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
2015-04-10
6.8
CVE-2015-1098
CONFIRM
CONFIRM
APPLE
APPLE

apple -- apple_tv
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
2015-04-10
5.0
CVE-2015-1104
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- apple_tv
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
2015-04-10
5.0
CVE-2015-1105
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- apple_tv
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
2015-04-10
5.0
CVE-2015-1110
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
2015-04-10
5.0
CVE-2015-1111
CONFIRM
APPLE

apple -- safari
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.
2015-04-10
5.0
CVE-2015-1112
CONFIRM
CONFIRM
APPLE
APPLE

apple -- apple_tv
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
2015-04-10
5.0
CVE-2015-1118
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- apple_tv
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
2015-04-10
6.8
CVE-2015-1119
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- apple_tv
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
2015-04-10
6.8
CVE-2015-1120
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- apple_tv
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
2015-04-10
6.8
CVE-2015-1121
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- apple_tv
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
2015-04-10
6.8
CVE-2015-1122
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- apple_tv
WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.
2015-04-10
6.8
CVE-2015-1123
CONFIRM
CONFIRM
APPLE
APPLE

apple -- apple_tv
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
2015-04-10
6.8
CVE-2015-1124
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
2015-04-10
4.3
CVE-2015-1125
CONFIRM
APPLE

apple -- safari
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
2015-04-10
4.3
CVE-2015-1126
CONFIRM
CONFIRM
APPLE
APPLE

apple -- safari
The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.
2015-04-10
5.0
CVE-2015-1128
CONFIRM
APPLE

apple -- safari
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
2015-04-10
4.3
CVE-2015-1129
CONFIRM
APPLE

apple -- mac_os_x
Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex.
2015-04-10
6.8
CVE-2015-1136
CONFIRM
APPLE

apple -- mac_os_x
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
2015-04-10
4.9
CVE-2015-1138
CONFIRM
APPLE

apple -- mac_os_x
ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.
2015-04-10
6.8
CVE-2015-1139
CONFIRM
APPLE

apple -- mac_os_x
The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.
2015-04-10
4.9
CVE-2015-1141
CONFIRM
APPLE

apple -- mac_os_x
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
2015-04-10
5.0
CVE-2015-1147
CONFIRM
APPLE

apple -- mac_os_x
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.
2015-04-10
5.0
CVE-2015-1148
CONFIRM
APPLE

arj_software -- arj_archiver
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
2015-04-08
5.8
CVE-2015-0556
CONFIRM
MLIST
MLIST
DEBIAN

arj_software -- arj_archiver
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
2015-04-08
5.8
CVE-2015-0557
CONFIRM
MLIST
MLIST
DEBIAN

bblog_project -- bblog
Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users.
2015-04-07
6.8
CVE-2015-0905
MISC
JVNDB
JVN

cisco -- unified_communications_domain_manager
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.
2015-04-03
6.5
CVE-2015-0682
SECTRACK
CISCO

cisco -- unified_communications_domain_manager
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.
2015-04-03
4.0
CVE-2015-0683
SECTRACK
CISCO

cisco -- unified_communications_domain_manager
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.
2015-04-03
6.5
CVE-2015-0684
SECTRACK
CISCO

cisco -- wireless_lan_controller_software
Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.
2015-04-06
4.3
CVE-2015-0690
SECTRACK
CISCO

emc -- powerpath_virtual_appliance
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.
2015-04-04
5.0
CVE-2015-0529
BUGTRAQ
MISC

ericsson -- drutt_mobile_service_delivery_platform
Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17) fromTime, (18) toTime, (19) sortDirection, (20) kword, (21) uname, (22) pname, (23) sname, (24) file, (25) atype, or (26) atitle parameter to (a) top-useragent-devices.jsp or (b) top-interest-areas.jsp; (27) fromDate, (28) toDate, (29) fromTime, (30) toTime, (31) sortDirection, (32) kword, (33) uname, (34) pname, (35) sname, (36) file, (37) atype, or (38) atitle parameter to top-message-services.jsp; (39) portal, (40) fromDate, (41) toDate, (42) fromTime, (43) toTime, (44) orderBy, (45) sortDirection, (46) kword, (47) uname, (48) pname, (49) sname, (50) file, (51) atype, or (52) atitle parameter to (a) user-statistics.jsp, (b) top-web-pages.jsp, (c) top-devices.jsp, (d) top-pages.jsp, (e) session-summary.jsp, (f) top-providers.jsp, (g) top-modules.jsp, or (h) top-services.jsp; (53) fromDate, (54) toDate, (55) fromTime, (56) toTime, (57) orderBy, (58) sortDirection, (59) uid, (60) uid2, (61) kword, (62) uname, (63) pname, (64) sname, (65) file, (66) atype, or (67) atitle parameter to message-shortcode-summary.jsp; (68) fromDate, (69) toDate, (70) fromTime, (71) toTime, (72) orderBy, (73) sortDirection, (74) uid, (75) kword, (76) uname, (77) pname, (78) sname, (79) file, (80) atype, or (81) atitle parameter to (a) message-providers-summary.jsp or (b) message-services-summary.jsp; (82) kword, (83) uname, (84) pname, (85) sname, (86) file, (87) atype, or (88) atitle parameter to license-summary.jsp; (89) portal, (90) fromDate, (91) toDate, (92) fromTime, (93) toTime, (94) orderBy, (95) sortDirection, (96) uid, (97) uid2, (98) kword, (99) uname, (100) pname, (101) sname, (102) file, (103) atype, or (104) atitle parameter to useragent-device-summary.jsp; (105) fromDate, (106) toDate, (107) fromTime, (108) toTime, (109) orderBy, (110) sortDirection, (111) kword, (112) uname, (113) pname, (114) sname, (115) file, (116) atype, or (117) atitle parameter to (a) top-message-providers.jsp, (b) top-message-devices.jsp, (c) top-message-assets.jsp, (d) top-message-downloads.jsp, or (e) top-message-shortcode.jsp; (118) fromDate, (119) toDate, (120) fromTime, (121) toTime, (122) kword, (123) uname, (124) pname, (125) sname, (126) file, (127) atype, or (128) atitle parameter to request-summary.jsp; (129) portal parameter to link-summary-select.jsp, (130) provider-summary-select.jsp, or (131) module-summary-select.jsp; (132) portal, (133) uid, (134) kword, (135) uname, (136) pname, (137) sname, (138) file, (139) atype, or (140) atitle parameter to link-summary.jsp; (141) portal, (142) fromDate, (143) toDate, (144) fromTime, (145) toTime, (146) orderBy, (147) sortDirection, (148) uid, (149) kword, (150) uname, (151) pname, (152) sname, (153) file, (154) atype, or (155) atitle parameter to (a) provider-summary.jsp or (b) module-summary.jsp in reports/pages/.
2015-04-06
4.3
CVE-2015-2165
MISC

ericsson -- drutt_mobile_service_delivery_platform
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
2015-04-06
5.0
CVE-2015-2166
MISC

ericsson -- drutt_mobile_service_delivery_platform
Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp.
2015-04-06
5.8
CVE-2015-2167
MISC

gnu -- glibc
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
2015-04-08
6.4
CVE-2015-1473
CONFIRM
MLIST

ibm -- websphere_datapower_xc10_appliance_firmware
The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors.
2015-04-05
6.8
CVE-2015-1893
CONFIRM
SECTRACK
AIXAPAR

mcafee -- advanced_threat_defense
McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters.
2015-04-08
5.5
CVE-2015-3028
CONFIRM

mcafee -- advanced_threat_defense
The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
2015-04-08
4.0
CVE-2015-3029
CONFIRM

mcafee -- advanced_threat_defense
The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors.
2015-04-08
4.0
CVE-2015-3030
CONFIRM

mozilla -- firefox
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary _javascript_ code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
2015-04-08
5.0
CVE-2015-0798
CONFIRM
CONFIRM

mozilla -- firefox
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.
2015-04-08
4.3
CVE-2015-0799
CONFIRM
CONFIRM

ntp -- ntp
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
2015-04-08
4.3
CVE-2015-1799
CERT-VN
CONFIRM
CONFIRM

pfsense -- pfsense
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
2015-04-10
6.8
CVE-2015-2295
CONFIRM
MISC
BUGTRAQ
MISC

qualiteam -- x-cart
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.
2015-04-04
4.3
CVE-2015-0950
CERT-VN
CONFIRM

qualiteam -- x-cart
X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.
2015-04-04
6.5
CVE-2015-0951
CERT-VN
CONFIRM

quassel-irc -- quassel
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.
2015-04-10
5.0
CVE-2015-2778
CONFIRM
MLIST
MLIST
MLIST
SUSE

redhat -- docker
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression.
2015-04-06
4.3
CVE-2015-1843
CONFIRM
REDHAT

saurus -- saurus_cms
Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2015-04-06
4.3
CVE-2015-0876
CONFIRM
JVNDB
JVN

schneider-electric -- vampset
Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.
2015-04-03
4.4
CVE-2014-8390
MISC
CONFIRM
BUGTRAQ
MISC

siemens -- simatic_step_7
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.
2015-04-05
6.8
CVE-2015-1601
CONFIRM

siemens -- wincc
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.
2015-04-08
4.3
CVE-2015-2822
CONFIRM

siemens -- wincc
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.
2015-04-08
6.8
CVE-2015-2823
CONFIRM

Back to top

Low Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info

apple -- iphone_os
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
2015-04-10
1.9
CVE-2015-1085
CONFIRM
APPLE

apple -- iphone_os
Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
2015-04-10
2.1
CVE-2015-1087
CONFIRM
APPLE

apple -- iphone_os
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
2015-04-10
2.1
CVE-2015-1106
CONFIRM
APPLE

apple -- iphone_os
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
2015-04-10
1.9
CVE-2015-1107
CONFIRM
APPLE

apple -- iphone_os
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
2015-04-10
2.1
CVE-2015-1108
CONFIRM
APPLE

apple -- iphone_os
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
2015-04-10
2.1
CVE-2015-1109
CONFIRM
APPLE

apple -- iphone_os
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
2015-04-10
2.1
CVE-2015-1116
CONFIRM
APPLE

apple -- safari
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.
2015-04-10
2.1
CVE-2015-1127
CONFIRM
APPLE

apple -- mac_os_x
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.
2015-04-10
2.1
CVE-2015-1142
CONFIRM
APPLE

apple -- mac_os_x
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.
2015-04-10
1.9
CVE-2015-1145
CONFIRM
APPLE

apple -- mac_os_x
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
2015-04-10
1.9
CVE-2015-1146
CONFIRM
APPLE

ca -- spectrum
Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
2015-04-07
3.5
CVE-2015-2827
CONFIRM

freebsd -- freebsd
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.
2015-04-10
2.1
CVE-2015-1415
FREEBSD
SECTRACK
BUGTRAQ
MISC

hp -- intelligent_provisioning
Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.
2015-04-03
2.1
CVE-2015-2111
HP

ibm -- general_parallel_file_system
/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
2015-04-05
3.5
CVE-2015-1890
CONFIRM

ntp -- ntp
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
2015-04-08
1.8
CVE-2015-1798
CERT-VN
CONFIRM
CONFIRM

siemens -- simatic_step_7
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.
2015-04-05
2.1
CVE-2015-1602
CONFIRM

xen -- xen
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.
2015-04-05
2.1
CVE-2015-0777
CONFIRM
SUSE

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

OTHER RESOURCES:

Contact Us | Security Publications | Alerts and Tips | Related Resources

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences  |  Unsubscribe  |  Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870