Vulnerability Summary for the Week of August 31, 2015
Released
Sep 07, 2015
Document ID
SB15-250
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| call-cc -- chicken | Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures." | 2015-08-28 | 7.5 | CVE-2014-9651 MLIST MLIST |
| check_mk_project -- check_mk | Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. | 2015-08-31 | 8.5 | CVE-2014-2331 BUGTRAQ BUGTRAQ |
| cisco -- integrated_management_controller_supervisor | The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. | 2015-09-03 | 9.4 | CVE-2015-6259 CISCO |
| cisco -- ios_xe | Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. | 2015-08-28 | 7.8 | CVE-2015-6267 CISCO |
| cisco -- ios_xe | Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. | 2015-08-28 | 7.8 | CVE-2015-6268 CISCO |
| cisco -- ios_xe | Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990. | 2015-08-31 | 7.8 | CVE-2015-6269 CISCO |
| cisco -- ios_xe | Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555. | 2015-08-31 | 7.8 | CVE-2015-6270 CISCO |
| cisco -- ios_xe | Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta77008. | 2015-08-31 | 7.8 | CVE-2015-6271 CISCO |
| cisco -- ios_xe | Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07094, and CSCsw93064. | 2015-08-31 | 7.8 | CVE-2015-6272 CISCO |
| cisco -- ios_xe | Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623. | 2015-08-28 | 7.8 | CVE-2015-6273 CISCO |
| cyberoam -- cr500ing-xp | SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. | 2015-09-04 | 7.5 | CVE-2015-6811 EXPLOIT-DB MISC |
| emc -- atmos | The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-09-03 | 7.5 | CVE-2015-4538 BUGTRAQ |
| emc -- documentum_content_server | EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626. | 2015-09-03 | 9.0 | CVE-2015-4544 BUGTRAQ |
| fortinet -- forticlient | The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allows local users to write to arbitrary memory locations via a 0x226108 ioctl call. | 2015-09-03 | 7.2 | CVE-2015-5735 SECTRACK CONFIRM MISC |
| fortinet -- forticlient | The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. | 2015-09-03 | 7.2 | CVE-2015-5736 SECTRACK CONFIRM MISC |
| fortinet -- forticlient | The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. | 2015-09-03 | 7.2 | CVE-2015-5737 SECTRACK CONFIRM MISC |
| gnu -- gnutls | Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. | 2015-09-02 | 7.5 | CVE-2015-3308 CONFIRM CONFIRM UBUNTU MLIST MLIST |
| google -- chrome | Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation. | 2015-09-03 | 7.5 | CVE-2015-1294 CONFIRM CONFIRM CONFIRM |
| google -- chrome | Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities. | 2015-09-03 | 7.5 | CVE-2015-1295 CONFIRM CONFIRM CONFIRM |
| google -- chrome | The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. | 2015-09-03 | 7.5 | CVE-2015-1297 CONFIRM CONFIRM CONFIRM |
| google -- chrome | Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp. | 2015-09-03 | 7.5 | CVE-2015-1299 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-09-03 | 7.5 | CVE-2015-1301 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-09-03 | 7.5 | CVE-2015-6580 CONFIRM |
| google -- chrome | Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure. | 2015-09-03 | 7.5 | CVE-2015-6581 CONFIRM CONFIRM CONFIRM CONFIRM |
| gsm -- sim_card_editor | Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file. | 2015-08-28 | 10.0 | CVE-2015-1171 MISC MISC MISC |
| hp -- intelligent_provisioning | Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors. | 2015-08-31 | 10.0 | CVE-2015-2135 HP |
| invisionpower -- invision_power_board | Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. | 2015-09-04 | 7.8 | CVE-2015-6812 CONFIRM |
| ippusbxd_project -- ippusbxd | IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. | 2015-09-01 | 7.5 | CVE-2015-6520 CONFIRM CONFIRM UBUNTU MLIST MLIST |
| linux -- linux_kernel | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. | 2015-08-31 | 7.2 | CVE-2015-3290 CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced. | 2015-08-31 | 7.2 | CVE-2015-4036 CONFIRM CONFIRM MLIST CONFIRM |
| linux -- linux_kernel | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. | 2015-08-31 | 7.2 | CVE-2015-5157 CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. | 2015-08-31 | 7.8 | CVE-2015-5364 MISC CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| mediawiki -- mediawiki | The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack. | 2015-09-01 | 7.5 | CVE-2015-6728 MLIST MLIST MLIST FEDORA |
| mozilla -- firefox | Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element. | 2015-08-29 | 10.0 | CVE-2015-4497 CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. | 2015-08-29 | 7.5 | CVE-2015-4498 CONFIRM CONFIRM |
| netsweeper -- netsweeper | WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate. | 2015-09-04 | 9.4 | CVE-2014-9605 CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
| pacemaker/corosync_configuration_system_project -- pacemaker/corosync_configuration_system | The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | 2015-09-03 | 8.5 | CVE-2015-5190 CONFIRM REDHAT |
| ricoh -- dl-1_sr10 | Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command. | 2015-08-31 | 7.5 | CVE-2015-6750 MISC |
| siemens -- simatic_s7_1200_cpu | Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-08-30 | 7.5 | CVE-2015-5698 MISC CONFIRM |
| tibco -- messaging_appliance | Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. | 2015-08-30 | 7.5 | CVE-2015-4555 CONFIRM CONFIRM |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| basware -- banking | Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream. | 2015-08-31 | 5.8 | CVE-2015-0943 MISC FULLDISC |
| basware -- banking | Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | 2015-08-31 | 6.5 | CVE-2015-6742 MISC FULLDISC |
| basware -- banking | Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | 2015-08-31 | 6.5 | CVE-2015-6743 MISC FULLDISC |
| basware -- banking | Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. | 2015-08-31 | 4.3 | CVE-2015-6744 MISC FULLDISC |
| basware -- banking | Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744. | 2015-08-31 | 4.6 | CVE-2015-6745 MISC FULLDISC |
| basware -- banking | Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6746. | 2015-08-31 | 5.0 | CVE-2015-6747 MISC FULLDISC |
| bedita -- bedita | Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection. | 2015-09-04 | 4.3 | CVE-2015-6809 CONFIRM EXPLOIT-DB CONFIRM |
| bestpractical -- request_tracker | Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key. | 2015-09-03 | 4.3 | CVE-2015-6506 CONFIRM CONFIRM CONFIRM DEBIAN |
| check_mk_project -- check_mk | Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors. | 2015-08-31 | 6.8 | CVE-2014-2330 BID BUGTRAQ CONFIRM |
| check_mk_project -- check_mk | Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. | 2015-08-31 | 5.5 | CVE-2014-2332 BUGTRAQ BUGTRAQ |
| cisco -- telepresence_video_communication_server_software | A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. | 2015-09-02 | 6.9 | CVE-2015-4330 CISCO |
| cisco -- identity_services_engine_software | The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. | 2015-08-28 | 5.0 | CVE-2015-6266 CISCO |
| cisco -- asr_1000_series_software | The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273. | 2015-09-02 | 5.0 | CVE-2015-6274 CISCO |
| cisco -- 1000v | The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292. | 2015-09-02 | 6.1 | CVE-2015-6277 CISCO |
| documentcloud -- navis_documentcloud | Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | 2015-09-01 | 4.3 | CVE-2015-2807 CONFIRM MISC FULLDISC MISC |
| geddyjs -- geddy | Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. | 2015-09-04 | 5.0 | CVE-2015-5688 CONFIRM CONFIRM MISC CONFIRM CONFIRM |
| google -- chrome | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements. | 2015-09-03 | 6.4 | CVE-2015-1291 CONFIRM CONFIRM CONFIRM |
| google -- chrome | The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. | 2015-09-03 | 5.0 | CVE-2015-1292 CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 2015-09-03 | 5.0 | CVE-2015-1293 CONFIRM CONFIRM |
| google -- chrome | The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages. | 2015-09-03 | 5.0 | CVE-2015-1296 CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. | 2015-09-03 | 4.3 | CVE-2015-1298 CONFIRM CONFIRM CONFIRM |
| google -- chrome | The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. | 2015-09-03 | 5.0 | CVE-2015-1300 CONFIRM CONFIRM CONFIRM |
| google -- chrome | The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site. | 2015-09-03 | 6.8 | CVE-2015-6582 CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. | 2015-09-03 | 4.3 | CVE-2015-6583 CONFIRM CONFIRM CONFIRM CONFIRM |
| innominate -- mguard_firmware | The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression. | 2015-08-30 | 4.0 | CVE-2015-3966 MISC CONFIRM |
| linux -- linux_kernel | The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. | 2015-08-31 | 4.9 | CVE-2014-9728 CONFIRM CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. | 2015-08-31 | 4.9 | CVE-2014-9729 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. | 2015-08-31 | 4.9 | CVE-2014-9730 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. | 2015-08-31 | 4.9 | CVE-2015-1333 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls. | 2015-08-31 | 4.9 | CVE-2015-3212 CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. | 2015-08-31 | 4.9 | CVE-2015-4700 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. | 2015-08-31 | 5.0 | CVE-2015-5366 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. | 2015-08-31 | 4.6 | CVE-2015-5706 CONFIRM CONFIRM MLIST CONFIRM MISC CONFIRM |
| linux -- linux_kernel | The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace. | 2015-08-31 | 4.9 | CVE-2015-6526 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| mediawiki -- mediawiki | The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | 2015-09-01 | 5.0 | CVE-2013-7444 CONFIRM MLIST CONFIRM MLIST MLIST FEDORA |
| mediawiki -- mediawiki | The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | 2015-09-01 | 5.0 | CVE-2015-6727 CONFIRM MLIST CONFIRM MLIST MLIST FEDORA |
| mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page. | 2015-09-01 | 4.3 | CVE-2015-6729 MLIST MLIST MLIST FEDORA |
| mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images." | 2015-09-01 | 4.3 | CVE-2015-6730 MLIST MLIST MLIST FEDORA |
| mediawiki -- mediawiki | GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. | 2015-09-01 | 5.0 | CVE-2015-6733 CONFIRM MLIST MLIST MLIST FEDORA |
| mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-01 | 4.3 | CVE-2015-6734 CONFIRM MLIST MLIST MLIST FEDORA |
| mybb -- mybb | Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post. | 2015-09-03 | 4.3 | CVE-2015-4552 CONFIRM MISC |
| octobercms -- october | Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image. | 2015-09-04 | 4.3 | CVE-2015-5612 CONFIRM CONFIRM MLIST MLIST |
| ok_web_server_project -- ok_web_server | Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page. | 2015-08-31 | 4.3 | CVE-2014-3148 MISC MISC CONFIRM MISC |
| openafs -- openafs | The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. | 2015-09-02 | 4.0 | CVE-2015-6587 CONFIRM MLIST CONFIRM DEBIAN |
| pacemaker/corosync_configuration_system_project -- pacemaker/corosync_configuration_system | Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. | 2015-09-03 | 4.9 | CVE-2015-5189 CONFIRM REDHAT |
| php_font_lib_project -- php_font_lib | Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 2015-08-31 | 4.3 | CVE-2014-2570 CONFIRM CONFIRM BID BUGTRAQ OSVDB MISC |
| pligg -- pligg_cms | Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php. | 2015-08-31 | 6.8 | CVE-2015-6655 EXPLOIT-DB |
| qemu -- qemu | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. | 2015-08-31 | 6.9 | CVE-2015-3214 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| quiz_project -- quiz | The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. | 2015-09-01 | 5.0 | CVE-2015-6736 MLIST MLIST MLIST FEDORA |
| semanticforms_project -- semanticforms | Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:CreateForm or (5) target or (6) alt_form parameter to Special:FormEdit. | 2015-09-01 | 4.3 | CVE-2015-6731 CONFIRM MLIST MLIST MLIST FEDORA |
| semanticforms_project -- semanticforms | Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field in a form, or a (3) Field name in a template. | 2015-09-01 | 4.3 | CVE-2015-6732 CONFIRM CONFIRM CONFIRM MLIST MLIST MLIST FEDORA |
| siemens -- compas | The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2015-08-31 | 5.8 | CVE-2015-5717 CONFIRM |
| softing -- fg-x00_profibus_firmware | Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. | 2015-08-31 | 4.3 | CVE-2014-6616 BID BUGTRAQ MISC |
| timedmediahandler_project -- timedmediahandler | The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode. | 2015-09-01 | 5.0 | CVE-2015-6735 CONFIRM MLIST MLIST MLIST FEDORA |
| webgroupmedia -- cerb | Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action. | 2015-09-03 | 6.8 | CVE-2015-6545 MISC CONFIRM BUGTRAQ CONFIRM |
| widgets_project -- widgets | Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content. | 2015-09-01 | 4.3 | CVE-2015-6737 MLIST MLIST MLIST FEDORA |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| basware -- banking | Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. | 2015-08-31 | 2.1 | CVE-2015-6746 MISC FULLDISC |
| check_mk_project -- check_mk | Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors. | 2015-08-31 | 3.5 | CVE-2014-2329 BUGTRAQ BUGTRAQ |
| fortinet -- forticlient | The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allows local users to read arbitrary kernel memory via a 0x22608C ioctl call. | 2015-09-03 | 2.1 | CVE-2015-4077 SECTRACK CONFIRM MISC |
| invisionpower -- invision_power_board | Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. | 2015-09-04 | 3.5 | CVE-2015-6810 EXPLOIT-DB CONFIRM |
| levelten_interactive -- spotlight | Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. | 2015-09-04 | 3.5 | CVE-2015-6808 MISC CONFIRM |
| linux -- linux_kernel | The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c. | 2015-08-31 | 2.1 | CVE-2014-9731 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI. | 2015-08-31 | 2.1 | CVE-2015-3291 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. | 2015-08-31 | 2.1 | CVE-2015-5697 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| mass_contact_project -- mass_contact | Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label. | 2015-09-04 | 2.1 | CVE-2015-6807 MISC CONFIRM CONFIRM |
| medhabidotcom -- mdc_private_message | Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message. | 2015-09-02 | 3.5 | CVE-2015-6805 EXPLOIT-DB |
| path_breadcrumbs_project -- path_breadcrumbs | Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-31 | 2.1 | CVE-2015-6754 MISC CONFIRM |
| polycom -- realpresence_cloudaxis_suite | Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-03 | 3.5 | CVE-2015-1516 MISC |
| quick_edit_project -- quick_edit | Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title. | 2015-08-31 | 3.5 | CVE-2015-6753 MISC CONFIRM |
| search_api_autocomplete_project -- search_api_autocomplete | Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions. | 2015-08-31 | 2.1 | CVE-2015-6752 MISC CONFIRM |
| time_tracker_project -- time_tracker | Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) notes added to a time entry or (2) activity used to categorize time tracker entries. | 2015-08-31 | 3.5 | CVE-2015-6751 MISC CONFIRM CONFIRM |
| type74 -- ed | Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits. | 2015-08-28 | 2.6 | CVE-2015-2987 CONFIRM CONFIRM JVNDB JVN |
| xen -- xen | The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. | 2015-09-03 | 2.1 | CVE-2015-6654 CONFIRM SECTRACK |
| youtube_embed_project -- youtube_embed | Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter). | 2015-08-31 | 3.5 | CVE-2015-6535 CONFIRM BUGTRAQ MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.