U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB15-103)

Vulnerability Summary for the Week of April 6, 2015

Original release date: April 13, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
antlabs -- inngateThe ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.2015-04-0410.0CVE-2015-0932
CERT-VN
CONFIRM
MISC
MISC
apache -- subversionThe mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.2015-04-087.8CVE-2015-0202
MANDRIVA
CONFIRM
apache -- cassandraThe default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.2015-04-037.5CVE-2015-0225
BUGTRAQ
MLIST
MISC
apple -- apple_tvIOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.2015-04-107.2CVE-2015-1095
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- apple_tvThe kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.2015-04-107.1CVE-2015-1102
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- apple_tvThe kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.2015-04-107.5CVE-2015-1103
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- mac_os_xThe XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.2015-04-107.2CVE-2015-1130
CONFIRM
APPLE
apple -- mac_os_xfontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.2015-04-107.2CVE-2015-1131
CONFIRM
APPLE
apple -- mac_os_xfontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.2015-04-1010.0CVE-2015-1132
CONFIRM
APPLE
apple -- mac_os_xfontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.2015-04-107.2CVE-2015-1133
CONFIRM
APPLE
apple -- mac_os_xfontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.2015-04-107.2CVE-2015-1134
CONFIRM
APPLE
apple -- mac_os_xfontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.2015-04-107.2CVE-2015-1135
CONFIRM
APPLE
apple -- mac_os_xThe NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.2015-04-107.2CVE-2015-1137
CONFIRM
APPLE
apple -- mac_os_xBuffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.2015-04-107.2CVE-2015-1140
CONFIRM
APPLE
apple -- mac_os_xLaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.2015-04-107.2CVE-2015-1143
CONFIRM
APPLE
apple -- mac_os_xBuffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.2015-04-107.2CVE-2015-1144
CONFIRM
APPLE
apple -- xcodeInteger overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion.2015-04-107.5CVE-2015-1149
CONFIRM
APPLE
arj_software -- arj_archiverBuffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.2015-04-087.5CVE-2015-2782
MLIST
MLIST
DEBIAN
c-board_moyuku_project -- c-board_moyukuUnrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name.2015-04-057.5CVE-2015-0877
CONFIRM
JVNDB
JVN
ca -- spectrumCA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.2015-04-079.0CVE-2015-2828
CONFIRM
cisco -- unity_connectionThe Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062.2015-04-037.1CVE-2015-0612
SECTRACK
CISCO
cisco -- unity_connectionThe Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444.2015-04-037.1CVE-2015-0613
SECTRACK
CISCO
cisco -- unity_connectionThe Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267.2015-04-037.1CVE-2015-0614
SECTRACK
CISCO
cisco -- unity_connectionThe call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089.2015-04-037.1CVE-2015-0615
SECTRACK
CISCO
cisco -- unity_connectionThe Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819.2015-04-037.1CVE-2015-0616
SECTRACK
CISCO
cisco -- prime_data_center_network_managerDirectory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.2015-04-037.8CVE-2015-0666
SECTRACK
CISCO
cisco -- ios_xeCisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.2015-04-037.1CVE-2015-0688
SECTRACK
CISCO
gnu -- glibcThe ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.2015-04-087.5CVE-2015-1472
MLIST
CONFIRM
MLIST
hidemaru -- editorBuffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file.2015-04-037.5CVE-2015-0903
JVNDB
JVN
CONFIRM
ibm -- rational_clearcaseThe MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.2015-04-059.4CVE-2014-6221
CONFIRM
SECTRACK
ibm -- dominoThe LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM.2015-04-0510.0CVE-2015-0117
CONFIRM
SECTRACK
ibm -- tivoli_storage_manager_fastbackFastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port.2015-04-057.5CVE-2015-0119
CONFIRM
ibm -- dominoBuffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.2015-04-0510.0CVE-2015-0134
CONFIRM
SECTRACK
ibm -- dominoNotes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.2015-04-057.2CVE-2015-0179
CONFIRM
SECTRACK
linux -- linux_kernelThe IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.2015-04-057.8CVE-2015-1465
CONFIRM
CONFIRM
UBUNTU
UBUNTU
MLIST
CONFIRM
CONFIRM
oxide_project -- oxideUse-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possible execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.2015-04-087.5CVE-2015-1317
CONFIRM
UBUNTU
redhat -- openstackThe puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.2015-04-1010.0CVE-2015-1842
CONFIRM
REDHAT
REDHAT
simple_ads_manager_project -- simple_ads_managerMultiple SQL injection vulnerabilities in sam-ajax-admin.php in the Simple Ads Manager plugin 2.5.94 and 2.5.96 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action; the (2) cstr parameter in a load_posts action; the (3) searchTerm parameter in a load_combo_data action; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action.2015-04-067.5CVE-2015-2824
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- subversionThe (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.2015-04-085.0CVE-2015-0248
MANDRIVA
CONFIRM
apache -- subversionThe mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.2015-04-084.0CVE-2015-0251
MANDRIVA
CONFIRM
apache -- flexCross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component.2015-04-074.3CVE-2015-1773
BUGTRAQ
apple -- iphone_osCFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.2015-04-106.8CVE-2015-1088
CONFIRM
CONFIRM
APPLE
APPLE
apple -- iphone_osCFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.2015-04-105.0CVE-2015-1089
CONFIRM
CONFIRM
APPLE
APPLE
apple -- iphone_osCFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.2015-04-105.0CVE-2015-1090
CONFIRM
APPLE
apple -- iphone_osThe CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.2015-04-104.3CVE-2015-1091
CONFIRM
CONFIRM
APPLE
APPLE
apple -- apple_tvNSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2015-04-105.0CVE-2015-1092
CONFIRM
CONFIRM
APPLE
APPLE
apple -- iphone_osFontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.2015-04-106.8CVE-2015-1093
CONFIRM
CONFIRM
APPLE
APPLE
apple -- iphone_osiWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.2015-04-106.8CVE-2015-1098
CONFIRM
CONFIRM
APPLE
APPLE
apple -- apple_tvThe kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.2015-04-105.0CVE-2015-1104
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- apple_tvThe TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.2015-04-105.0CVE-2015-1105
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- apple_tvThe Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.2015-04-105.0CVE-2015-1110
CONFIRM
CONFIRM
APPLE
APPLE
apple -- iphone_osSafari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.2015-04-105.0CVE-2015-1111
CONFIRM
APPLE
apple -- safariApple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.2015-04-105.0CVE-2015-1112
CONFIRM
CONFIRM
APPLE
APPLE
apple -- apple_tvlibnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.2015-04-105.0CVE-2015-1118
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- apple_tvWebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.2015-04-106.8CVE-2015-1119
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- apple_tvWebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.2015-04-106.8CVE-2015-1120
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- apple_tvWebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.2015-04-106.8CVE-2015-1121
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- apple_tvWebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.2015-04-106.8CVE-2015-1122
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- apple_tvWebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.2015-04-106.8CVE-2015-1123
CONFIRM
CONFIRM
APPLE
APPLE
apple -- apple_tvWebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.2015-04-106.8CVE-2015-1124
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- iphone_osThe touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.2015-04-104.3CVE-2015-1125
CONFIRM
APPLE
apple -- safariWebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.2015-04-104.3CVE-2015-1126
CONFIRM
CONFIRM
APPLE
APPLE
apple -- safariThe private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.2015-04-105.0CVE-2015-1128
CONFIRM
APPLE
apple -- safariApple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.2015-04-104.3CVE-2015-1129
CONFIRM
APPLE
apple -- mac_os_xUse-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex.2015-04-106.8CVE-2015-1136
CONFIRM
APPLE
apple -- mac_os_xHypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.2015-04-104.9CVE-2015-1138
CONFIRM
APPLE
apple -- mac_os_xImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.2015-04-106.8CVE-2015-1139
CONFIRM
APPLE
apple -- mac_os_xThe mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.2015-04-104.9CVE-2015-1141
CONFIRM
APPLE
apple -- mac_os_xOpen Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.2015-04-105.0CVE-2015-1147
CONFIRM
APPLE
apple -- mac_os_xScreen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.2015-04-105.0CVE-2015-1148
CONFIRM
APPLE
arj_software -- arj_archiverOpen-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.2015-04-085.8CVE-2015-0556
CONFIRM
MLIST
MLIST
DEBIAN
arj_software -- arj_archiverOpen-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.2015-04-085.8CVE-2015-0557
CONFIRM
MLIST
MLIST
DEBIAN
bblog_project -- bblogCross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users.2015-04-076.8CVE-2015-0905
MISC
JVNDB
JVN
cisco -- unified_communications_domain_managerCisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.2015-04-036.5CVE-2015-0682
SECTRACK
CISCO
cisco -- unified_communications_domain_managerCisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.2015-04-034.0CVE-2015-0683
SECTRACK
CISCO
cisco -- unified_communications_domain_managerSQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.2015-04-036.5CVE-2015-0684
SECTRACK
CISCO
cisco -- wireless_lan_controller_softwareCross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.2015-04-064.3CVE-2015-0690
SECTRACK
CISCO
emc -- powerpath_virtual_applianceEMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.2015-04-045.0CVE-2015-0529
BUGTRAQ
MISC
ericsson -- drutt_mobile_service_delivery_platformMultiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17) fromTime, (18) toTime, (19) sortDirection, (20) kword, (21) uname, (22) pname, (23) sname, (24) file, (25) atype, or (26) atitle parameter to (a) top-useragent-devices.jsp or (b) top-interest-areas.jsp; (27) fromDate, (28) toDate, (29) fromTime, (30) toTime, (31) sortDirection, (32) kword, (33) uname, (34) pname, (35) sname, (36) file, (37) atype, or (38) atitle parameter to top-message-services.jsp; (39) portal, (40) fromDate, (41) toDate, (42) fromTime, (43) toTime, (44) orderBy, (45) sortDirection, (46) kword, (47) uname, (48) pname, (49) sname, (50) file, (51) atype, or (52) atitle parameter to (a) user-statistics.jsp, (b) top-web-pages.jsp, (c) top-devices.jsp, (d) top-pages.jsp, (e) session-summary.jsp, (f) top-providers.jsp, (g) top-modules.jsp, or (h) top-services.jsp; (53) fromDate, (54) toDate, (55) fromTime, (56) toTime, (57) orderBy, (58) sortDirection, (59) uid, (60) uid2, (61) kword, (62) uname, (63) pname, (64) sname, (65) file, (66) atype, or (67) atitle parameter to message-shortcode-summary.jsp; (68) fromDate, (69) toDate, (70) fromTime, (71) toTime, (72) orderBy, (73) sortDirection, (74) uid, (75) kword, (76) uname, (77) pname, (78) sname, (79) file, (80) atype, or (81) atitle parameter to (a) message-providers-summary.jsp or (b) message-services-summary.jsp; (82) kword, (83) uname, (84) pname, (85) sname, (86) file, (87) atype, or (88) atitle parameter to license-summary.jsp; (89) portal, (90) fromDate, (91) toDate, (92) fromTime, (93) toTime, (94) orderBy, (95) sortDirection, (96) uid, (97) uid2, (98) kword, (99) uname, (100) pname, (101) sname, (102) file, (103) atype, or (104) atitle parameter to useragent-device-summary.jsp; (105) fromDate, (106) toDate, (107) fromTime, (108) toTime, (109) orderBy, (110) sortDirection, (111) kword, (112) uname, (113) pname, (114) sname, (115) file, (116) atype, or (117) atitle parameter to (a) top-message-providers.jsp, (b) top-message-devices.jsp, (c) top-message-assets.jsp, (d) top-message-downloads.jsp, or (e) top-message-shortcode.jsp; (118) fromDate, (119) toDate, (120) fromTime, (121) toTime, (122) kword, (123) uname, (124) pname, (125) sname, (126) file, (127) atype, or (128) atitle parameter to request-summary.jsp; (129) portal parameter to link-summary-select.jsp, (130) provider-summary-select.jsp, or (131) module-summary-select.jsp; (132) portal, (133) uid, (134) kword, (135) uname, (136) pname, (137) sname, (138) file, (139) atype, or (140) atitle parameter to link-summary.jsp; (141) portal, (142) fromDate, (143) toDate, (144) fromTime, (145) toTime, (146) orderBy, (147) sortDirection, (148) uid, (149) kword, (150) uname, (151) pname, (152) sname, (153) file, (154) atype, or (155) atitle parameter to (a) provider-summary.jsp or (b) module-summary.jsp in reports/pages/.2015-04-064.3CVE-2015-2165
MISC
ericsson -- drutt_mobile_service_delivery_platformDirectory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.2015-04-065.0CVE-2015-2166
MISC
ericsson -- drutt_mobile_service_delivery_platformOpen redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp.2015-04-065.8CVE-2015-2167
MISC
gnu -- glibcThe ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.2015-04-086.4CVE-2015-1473
CONFIRM
MLIST
ibm -- websphere_datapower_xc10_appliance_firmwareThe IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors.2015-04-056.8CVE-2015-1893
CONFIRM
SECTRACK
AIXAPAR
mcafee -- advanced_threat_defenseMcAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters.2015-04-085.5CVE-2015-3028
CONFIRM
mcafee -- advanced_threat_defenseThe web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors.2015-04-084.0CVE-2015-3029
CONFIRM
mcafee -- advanced_threat_defenseThe web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors.2015-04-084.0CVE-2015-3030
CONFIRM
mozilla -- firefoxThe Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.2015-04-085.0CVE-2015-0798
CONFIRM
CONFIRM
mozilla -- firefoxThe HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.2015-04-084.3CVE-2015-0799
CONFIRM
CONFIRM
ntp -- ntpThe symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.2015-04-084.3CVE-2015-1799
CERT-VN
CONFIRM
CONFIRM
pfsense -- pfsenseCross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.2015-04-106.8CVE-2015-2295
CONFIRM
MISC
BUGTRAQ
MISC
qualiteam -- x-cartCross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.2015-04-044.3CVE-2015-0950
CERT-VN
CONFIRM
qualiteam -- x-cartX-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.2015-04-046.5CVE-2015-0951
CERT-VN
CONFIRM
quassel-irc -- quasselQuassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.2015-04-105.0CVE-2015-2778
CONFIRM
MLIST
MLIST
MLIST
SUSE
redhat -- dockerThe Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression.2015-04-064.3CVE-2015-1843
CONFIRM
REDHAT
saurus -- saurus_cmsMultiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-04-064.3CVE-2015-0876
CONFIRM
JVNDB
JVN
schneider-electric -- vampsetMultiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.2015-04-034.4CVE-2014-8390
MISC
CONFIRM
BUGTRAQ
MISC
siemens -- simatic_step_7Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.2015-04-056.8CVE-2015-1601
CONFIRM
siemens -- winccSiemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.2015-04-084.3CVE-2015-2822
CONFIRM
siemens -- winccSiemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.2015-04-086.8CVE-2015-2823
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apple -- iphone_osAppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.2015-04-101.9CVE-2015-1085
CONFIRM
APPLE
apple -- iphone_osDirectory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.2015-04-102.1CVE-2015-1087
CONFIRM
APPLE
apple -- iphone_osThe QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.2015-04-102.1CVE-2015-1106
CONFIRM
APPLE
apple -- iphone_osThe Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.2015-04-101.9CVE-2015-1107
CONFIRM
APPLE
apple -- iphone_osThe Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.2015-04-102.1CVE-2015-1108
CONFIRM
APPLE
apple -- iphone_osNetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.2015-04-102.1CVE-2015-1109
CONFIRM
APPLE
apple -- iphone_osThe UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.2015-04-102.1CVE-2015-1116
CONFIRM
APPLE
apple -- safariThe private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.2015-04-102.1CVE-2015-1127
CONFIRM
APPLE
apple -- mac_os_xLaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.2015-04-102.1CVE-2015-1142
CONFIRM
APPLE
apple -- mac_os_xThe Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.2015-04-101.9CVE-2015-1145
CONFIRM
APPLE
apple -- mac_os_xThe Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.2015-04-101.9CVE-2015-1146
CONFIRM
APPLE
ca -- spectrumCross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2015-04-073.5CVE-2015-2827
CONFIRM
freebsd -- freebsdThe bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.2015-04-102.1CVE-2015-1415
FREEBSD
SECTRACK
BUGTRAQ
MISC
hp -- intelligent_provisioningUnspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.2015-04-032.1CVE-2015-2111
HP
ibm -- general_parallel_file_system/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.2015-04-053.5CVE-2015-1890
CONFIRM
ntp -- ntpThe symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.2015-04-081.8CVE-2015-1798
CERT-VN
CONFIRM
CONFIRM
siemens -- simatic_step_7Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.2015-04-052.1CVE-2015-1602
CONFIRM
xen -- xendrivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.2015-04-052.1CVE-2015-0777
CONFIRM
SUSE
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top