U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB15-250)

Vulnerability Summary for the Week of August 31, 2015

Original release date: September 07, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
call-cc -- chickenBuffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."2015-08-287.5CVE-2014-9651
MLIST
MLIST
check_mk_project -- check_mkCheck_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.2015-08-318.5CVE-2014-2331
BUGTRAQ
BUGTRAQ
cisco -- integrated_management_controller_supervisorThe JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.2015-09-039.4CVE-2015-6259
CISCO
cisco -- ios_xeCisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.2015-08-287.8CVE-2015-6267
CISCO
cisco -- ios_xeCisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.2015-08-287.8CVE-2015-6268
CISCO
cisco -- ios_xeCisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.2015-08-317.8CVE-2015-6269
CISCO
cisco -- ios_xeCisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.2015-08-317.8CVE-2015-6270
CISCO
cisco -- ios_xeCisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta77008.2015-08-317.8CVE-2015-6271
CISCO
cisco -- ios_xeCisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07094, and CSCsw93064.2015-08-317.8CVE-2015-6272
CISCO
cisco -- ios_xeCisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.2015-08-287.8CVE-2015-6273
CISCO
cyberoam -- cr500ing-xpSQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.2015-09-047.5CVE-2015-6811
EXPLOIT-DB
MISC
emc -- atmosThe XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2015-09-037.5CVE-2015-4538
BUGTRAQ
emc -- documentum_content_serverEMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.2015-09-039.0CVE-2015-4544
BUGTRAQ
fortinet -- forticlientThe (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allows local users to write to arbitrary memory locations via a 0x226108 ioctl call.2015-09-037.2CVE-2015-5735
SECTRACK
CONFIRM
MISC
fortinet -- forticlientThe Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.2015-09-037.2CVE-2015-5736
SECTRACK
CONFIRM
MISC
fortinet -- forticlientThe (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.2015-09-037.2CVE-2015-5737
SECTRACK
CONFIRM
MISC
gnu -- gnutlsDouble free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.2015-09-027.5CVE-2015-3308
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
google -- chromeUse-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.2015-09-037.5CVE-2015-1294
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.2015-09-037.5CVE-2015-1295
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.2015-09-037.5CVE-2015-1297
CONFIRM
CONFIRM
CONFIRM
google -- chromeUse-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp.2015-09-037.5CVE-2015-1299
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2015-09-037.5CVE-2015-1301
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2015-09-037.5CVE-2015-6580
CONFIRM
google -- chromeDouble free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.2015-09-037.5CVE-2015-6581
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gsm -- sim_card_editorStack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.2015-08-2810.0CVE-2015-1171
MISC
MISC
MISC
hp -- intelligent_provisioningUnspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors.2015-08-3110.0CVE-2015-2135
HP
invisionpower -- invision_power_boardInvision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.2015-09-047.8CVE-2015-6812
CONFIRM
ippusbxd_project -- ippusbxdIPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request.2015-09-017.5CVE-2015-6520
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
linux -- linux_kernelarch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.2015-08-317.2CVE-2015-3290
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelArray index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.2015-08-317.2CVE-2015-4036
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernelarch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.2015-08-317.2CVE-2015-5157
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelThe (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.2015-08-317.8CVE-2015-5364
MISC
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mediawiki -- mediawikiThe ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.2015-09-017.5CVE-2015-6728
MLIST
MLIST
MLIST
FEDORA
mozilla -- firefoxUse-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.2015-08-2910.0CVE-2015-4497
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefoxThe add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.2015-08-297.5CVE-2015-4498
CONFIRM
CONFIRM
netsweeper -- netsweeperWebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.2015-09-049.4CVE-2014-9605
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
pacemaker/corosync_configuration_system_project -- pacemaker/corosync_configuration_systemThe pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.2015-09-038.5CVE-2015-5190
CONFIRM
REDHAT
ricoh -- dl-1_sr10Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command.2015-08-317.5CVE-2015-6750
MISC
siemens -- simatic_s7_1200_cpuCross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.2015-08-307.5CVE-2015-5698
MISC
CONFIRM
tibco -- messaging_applianceBuffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.2015-08-307.5CVE-2015-4555
CONFIRM
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
basware -- bankingBasware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream.2015-08-315.8CVE-2015-0943
MISC
FULLDISC
basware -- bankingBasware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.2015-08-316.5CVE-2015-6742
MISC
FULLDISC
basware -- bankingBasware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.2015-08-316.5CVE-2015-6743
MISC
FULLDISC
basware -- bankingBasware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions.2015-08-314.3CVE-2015-6744
MISC
FULLDISC
basware -- bankingBasware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744.2015-08-314.6CVE-2015-6745
MISC
FULLDISC
basware -- bankingBasware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6746.2015-08-315.0CVE-2015-6747
MISC
FULLDISC
bedita -- beditaMultiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.2015-09-044.3CVE-2015-6809
CONFIRM
EXPLOIT-DB
CONFIRM
bestpractical -- request_trackerCross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.2015-09-034.3CVE-2015-6506
CONFIRM
CONFIRM
CONFIRM
DEBIAN
check_mk_project -- check_mkMultiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.2015-08-316.8CVE-2014-2330
BID
BUGTRAQ
CONFIRM
check_mk_project -- check_mkCheck_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.2015-08-315.5CVE-2014-2332
BUGTRAQ
BUGTRAQ
cisco -- telepresence_video_communication_server_softwareA local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.2015-09-026.9CVE-2015-4330
CISCO
cisco -- identity_services_engine_softwareThe guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.2015-08-285.0CVE-2015-6266
CISCO
cisco -- asr_1000_series_softwareThe IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.2015-09-025.0CVE-2015-6274
CISCO
cisco -- 1000vThe ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.2015-09-026.1CVE-2015-6277
CISCO
documentcloud -- navis_documentcloudCross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.2015-09-014.3CVE-2015-2807
CONFIRM
MISC
FULLDISC
MISC
geddyjs -- geddyDirectory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.2015-09-045.0CVE-2015-5688
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
google -- chromeThe ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements.2015-09-036.4CVE-2015-1291
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.2015-09-035.0CVE-2015-1292
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.2015-09-035.0CVE-2015-1293
CONFIRM
CONFIRM
google -- chromeThe UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.2015-09-035.0CVE-2015-1296
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled.2015-09-034.3CVE-2015-1298
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.2015-09-035.0CVE-2015-1300
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site.2015-09-036.8CVE-2015-6582
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc.2015-09-034.3CVE-2015-6583
CONFIRM
CONFIRM
CONFIRM
CONFIRM
innominate -- mguard_firmwareThe IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.2015-08-304.0CVE-2015-3966
MISC
CONFIRM
linux -- linux_kernelThe UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.2015-08-314.9CVE-2014-9728
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelThe udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.2015-08-314.9CVE-2014-9729
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelThe udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.2015-08-314.9CVE-2014-9730
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelMemory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.2015-08-314.9CVE-2015-1333
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelRace condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.2015-08-314.9CVE-2015-3212
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelThe bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.2015-08-314.9CVE-2015-4700
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelThe (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.2015-08-315.0CVE-2015-5366
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelUse-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation.2015-08-314.6CVE-2015-5706
CONFIRM
CONFIRM
MLIST
CONFIRM
MISC
CONFIRM
linux -- linux_kernelThe perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.2015-08-314.9CVE-2015-6526
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mediawiki -- mediawikiThe Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.2015-09-015.0CVE-2013-7444
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
FEDORA
mediawiki -- mediawikiThe Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.2015-09-015.0CVE-2015-6727
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
FEDORA
mediawiki -- mediawikiCross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.2015-09-014.3CVE-2015-6729
MLIST
MLIST
MLIST
FEDORA
mediawiki -- mediawikiCross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."2015-09-014.3CVE-2015-6730
MLIST
MLIST
MLIST
FEDORA
mediawiki -- mediawikiGeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.2015-09-015.0CVE-2015-6733
CONFIRM
MLIST
MLIST
MLIST
FEDORA
mediawiki -- mediawikiCross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-09-014.3CVE-2015-6734
CONFIRM
MLIST
MLIST
MLIST
FEDORA
mybb -- mybbCross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.2015-09-034.3CVE-2015-4552
CONFIRM
MISC
octobercms -- octoberCross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.2015-09-044.3CVE-2015-5612
CONFIRM
CONFIRM
MLIST
MLIST
ok_web_server_project -- ok_web_serverCross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page.2015-08-314.3CVE-2014-3148
MISC
MISC
CONFIRM
MISC
openafs -- openafsThe vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.2015-09-024.0CVE-2015-6587
CONFIRM
MLIST
CONFIRM
DEBIAN
pacemaker/corosync_configuration_system_project -- pacemaker/corosync_configuration_systemRace condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.2015-09-034.9CVE-2015-5189
CONFIRM
REDHAT
php_font_lib_project -- php_font_libCross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.2015-08-314.3CVE-2014-2570
CONFIRM
CONFIRM
BID
BUGTRAQ
OSVDB
MISC
pligg -- pligg_cmsCross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.2015-08-316.8CVE-2015-6655
EXPLOIT-DB
qemu -- qemuThe pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.2015-08-316.9CVE-2015-3214
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
quiz_project -- quizThe Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.2015-09-015.0CVE-2015-6736
MLIST
MLIST
MLIST
FEDORA
semanticforms_project -- semanticformsMultiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:CreateForm or (5) target or (6) alt_form parameter to Special:FormEdit.2015-09-014.3CVE-2015-6731
CONFIRM
MLIST
MLIST
MLIST
FEDORA
semanticforms_project -- semanticformsMultiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field in a form, or a (3) Field name in a template.2015-09-014.3CVE-2015-6732
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
FEDORA
siemens -- compasThe Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2015-08-315.8CVE-2015-5717
CONFIRM
softing -- fg-x00_profibus_firmwareCross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/.2015-08-314.3CVE-2014-6616
BID
BUGTRAQ
MISC
timedmediahandler_project -- timedmediahandlerThe reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.2015-09-015.0CVE-2015-6735
CONFIRM
MLIST
MLIST
MLIST
FEDORA
webgroupmedia -- cerbCross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.2015-09-036.8CVE-2015-6545
MISC
CONFIRM
BUGTRAQ
CONFIRM
widgets_project -- widgetsCross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.2015-09-014.3CVE-2015-6737
MLIST
MLIST
MLIST
FEDORA
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
basware -- bankingBasware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types.2015-08-312.1CVE-2015-6746
MISC
FULLDISC
check_mk_project -- check_mkMultiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors.2015-08-313.5CVE-2014-2329
BUGTRAQ
BUGTRAQ
fortinet -- forticlientThe (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allows local users to read arbitrary kernel memory via a 0x22608C ioctl call.2015-09-032.1CVE-2015-4077
SECTRACK
CONFIRM
MISC
invisionpower -- invision_power_boardCross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.2015-09-043.5CVE-2015-6810
EXPLOIT-DB
CONFIRM
levelten_interactive -- spotlightCross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.2015-09-043.5CVE-2015-6808
MISC
CONFIRM
linux -- linux_kernelThe UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.2015-08-312.1CVE-2014-9731
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelarch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.2015-08-312.1CVE-2015-3291
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelThe get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.2015-08-312.1CVE-2015-5697
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mass_contact_project -- mass_contactCross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label.2015-09-042.1CVE-2015-6807
MISC
CONFIRM
CONFIRM
medhabidotcom -- mdc_private_messageCross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.2015-09-023.5CVE-2015-6805
EXPLOIT-DB
path_breadcrumbs_project -- path_breadcrumbsCross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or HTML via unspecified vectors.2015-08-312.1CVE-2015-6754
MISC
CONFIRM
polycom -- realpresence_cloudaxis_suiteCross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2015-09-033.5CVE-2015-1516
MISC
quick_edit_project -- quick_editMultiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title.2015-08-313.5CVE-2015-6753
MISC
CONFIRM
search_api_autocomplete_project -- search_api_autocompleteCross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions.2015-08-312.1CVE-2015-6752
MISC
CONFIRM
time_tracker_project -- time_trackerMultiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) notes added to a time entry or (2) activity used to categorize time tracker entries.2015-08-313.5CVE-2015-6751
MISC
CONFIRM
CONFIRM
type74 -- edType74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.2015-08-282.6CVE-2015-2987
CONFIRM
CONFIRM
JVNDB
JVN
xen -- xenThe xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest.2015-09-032.1CVE-2015-6654
CONFIRM
SECTRACK
youtube_embed_project -- youtube_embedCross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter).2015-08-313.5CVE-2015-6535
CONFIRM
BUGTRAQ
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top