SB15-040: Vulnerability Summary for the Week of February 2, 2015

The Patriot · #1 02-25-2015, 06:15 PM

SB15-040: Vulnerability Summary for the Week of February 2, 2015

02-09-2015 03:22 AM

Original release date: February 09, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- acrobatCoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.2015-01-309.3 CVE-2014-9161
MISCadobe -- flash_playerUnspecified vulnerability in Adobe Flash Player through 13.0.0.264 and 14.x, 15.x, and 16.x through 16.0.0.296 on Windows and OS X and through 11.2.202.440 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in February 2015.2015-02-0210.0 CVE-2015-0313
SECTRACK
BID
SECUNIAadobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.2015-02-0510.0 CVE-2015-0314adobe -- flash_playerUse-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322.2015-02-0510.0 CVE-2015-0315adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.2015-02-0510.0 CVE-2015-0316adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0319.2015-02-0510.0 CVE-2015-0317adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.2015-02-0510.0 CVE-2015-0318adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0317.2015-02-0510.0 CVE-2015-0319adobe -- flash_playerUse-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0322.2015-02-0510.0 CVE-2015-0320adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0329, and CVE-2015-0330.2015-02-0510.0 CVE-2015-0321adobe -- flash_playerUse-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320.2015-02-0510.0 CVE-2015-0322adobe -- flash_playerHeap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0327.2015-02-0510.0 CVE-2015-0323adobe -- flash_playerBuffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors.2015-02-0510.0 CVE-2015-0324adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0326 and CVE-2015-0328.2015-02-0510.0 CVE-2015-0325adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328.2015-02-0510.0 CVE-2015-0326adobe -- flash_playerHeap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323.2015-02-0510.0 CVE-2015-0327adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0326.2015-02-0510.0 CVE-2015-0328adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0330.2015-02-0510.0 CVE-2015-0329adobe -- flash_playerAdobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0329.2015-02-0510.0 CVE-2015-0330apple -- apple_tvDirectory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.2015-01-3010.0 CVE-2014-4480apple -- apple_tvFontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.2015-01-307.5 CVE-2014-4484apple -- apple_tvBuffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.2015-01-307.5 CVE-2014-4485apple -- apple_tvIOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.2015-01-3010.0 CVE-2014-4486apple -- apple_tvBuffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.2015-01-3010.0 CVE-2014-4487apple -- apple_tvIOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.2015-01-3010.0 CVE-2014-4488apple -- apple_tvIOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.2015-01-3010.0 CVE-2014-4489apple -- apple_tvlibnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.2015-01-307.5 CVE-2014-4492
MISC
APPLEapple -- iphone_osThe app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.2015-01-307.5 CVE-2014-4493apple -- apple_tvThe kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.2015-01-3010.0 CVE-2014-4495apple -- mac_os_xInteger signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.2015-01-3010.0 CVE-2014-4497apple -- mac_os_xcoresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.2015-01-3010.0 CVE-2014-8817
MISCapple -- mac_os_xThe Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.2015-01-307.2 CVE-2014-8819apple -- mac_os_xThe Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.2015-01-307.2 CVE-2014-8820apple -- mac_os_xThe Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.2015-01-307.2 CVE-2014-8821apple -- mac_os_xIOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.2015-01-3010.0 CVE-2014-8822apple -- mac_os_xThe kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.2015-01-3010.0 CVE-2014-8824apple -- mac_os_xThe kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.2015-01-307.2 CVE-2014-8825apple -- mac_os_xSandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.2015-01-307.5 CVE-2014-8828
XFapple -- mac_os_xSceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.2015-01-307.5 CVE-2014-8829
XFapple -- mac_os_xThe xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.2015-01-3010.0 CVE-2014-8835
MISC
XF
BID
EXPLOIT-DBapple -- mac_os_xThe Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.2015-01-3010.0 CVE-2014-8836
XF
SECTRACK
MISCapple -- mac_os_xMultiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.2015-01-3010.0 CVE-2014-8837
XFarubanetworks -- instant_access_point_firmwareHeap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface.2015-02-037.8 CVE-2015-1348avg -- internet_securityThe TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.2015-02-067.2 CVE-2014-9632
OSVDB
MISC
EXPLOIT-DB
MISCbluecoat -- proxyclientBlue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.2015-02-027.1 CVE-2015-1454
SECUNIAclamav -- clamavClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."2015-02-037.5 CVE-2014-9328
BID
SECTRACK
SECUNIA
SECUNIA
FEDORA
FEDORAclamav -- clamavClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."2015-02-037.5 CVE-2015-1461
SECTRACK
SECUNIA
FEDORA
FEDORAclamav -- clamavClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."2015-02-037.5 CVE-2015-1462
SECTRACK
SECUNIA
FEDORA
FEDORAcmsjunkie -- j-classifiedsmanagerSQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads.2015-02-047.5 CVE-2015-1477
EXPLOIT-DB
MISC
OSVDBcomodo -- backupThe bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.2015-02-037.5 CVE-2014-9633
EXPLOIT-DB
MISC
CONFIRMcontent_rating_extbase_project -- content_rating_extbaseSQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2015-02-037.5 CVE-2015-1405
BID
MLIST
MLISTcontent_rating_project -- content_ratingSQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2015-02-037.5 CVE-2015-1403
BID
MLIST
MLISTcybozu -- remote_service_managerAlgorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1983.2015-02-017.8 CVE-2014-7266ecommercemajor_project -- ecommercemajorMultiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.2015-02-047.5 CVE-2015-1476
EXPLOIT-DB
MISC
OSVDB
OSVDBfluxbb -- fluxbbDirectory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.2015-02-039.3 CVE-2014-9574
MISC
XFfortinet -- fortiosThe Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages.2015-02-027.8 CVE-2015-1452
MISC
FULLDISCfortinet -- fortiauthenticatorFortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.2015-02-037.5 CVE-2015-1455
BID
MISC
MISCfreebsd -- freebsdInteger signedness error in the vt console driver (formerly Newcons) in FreeBSD 10.1 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.2015-02-027.2 CVE-2014-0998
BUGTRAQ
MISC
FULLDISCfreebsd -- freebsdThe sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk.2015-02-027.8 CVE-2014-8613
SECTRACK
BIDgoogle -- chromeUse-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.2015-02-067.5 CVE-2015-1209
CONFIRM
CONFIRMgoogle -- chromeThe OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.2015-02-067.5 CVE-2015-1211
CONFIRMgoogle -- chromeMultiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2015-02-067.5 CVE-2015-1212
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMhuawei -- quidway_firmwareHuawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet.2015-02-037.5 CVE-2015-1460i-o_data_device -- np-bbrmI-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.2015-02-017.8 CVE-2015-0869ibm -- tivoli_monitoringIBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands.2015-02-018.5 CVE-2014-6141
XFnetapp -- oncommand_balanceNetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.2015-02-0610.0 CVE-2014-9353npds -- revolutionSQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.2015-02-037.5 CVE-2015-1400
MISC
MISCpexip -- pexip_infinityPexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.2015-02-037.1 CVE-2014-8779
BID
BUGTRAQ
MISCpiwigo -- piwigoSQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2015-02-037.5 CVE-2015-1441
BID
SECUNIArestaurantbiller -- restaurant_billerSQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php.2015-02-027.5 CVE-2015-1450
MISCschneider-electric -- somachineStack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.2015-02-017.5 CVE-2014-9200sefrengo -- sefrengoMultiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php.2015-02-037.5 CVE-2015-1428
MISC
MISC
BUGTRAQ
MISC
EXPLOIT-DBservision -- hvg_video_gateway_firmwaretime.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response.2015-02-0310.0 CVE-2015-0929servision -- hvg_video_gateway_firmwareThe web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session.2015-02-0310.0 CVE-2015-0930servision -- hvg_video_gateway_firmwaretime.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930.2015-02-039.0 CVE-2015-1469shiromuku -- bu2_bbsUnrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS before 2.91 allows remote attackers to execute arbitrary code by uploading an executable file.2015-02-017.5 CVE-2015-0868siemens -- ruggedcom_firmwareThe integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.2015-02-0210.0 CVE-2015-1448siemens -- ruggedcom_firmwareBuffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.2015-02-0210.0 CVE-2015-1449symantec -- encryption_management_serverSymantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.2015-01-319.0 CVE-2014-7288
BIDzohocorp -- manageengine_opmanagerMultiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperS ervlet.2015-02-047.5 CVE-2014-7864
CONFIRM
MISC
XF
BUGTRAQ
FULLDISC
MISC Back to top

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoansible -- towerAnsible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.2015-02-046.5 CVE-2015-1481
MISC
BUGTRAQ
EXPLOIT-DB
FULLDISC
MISCansible -- towerAnsible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.2015-02-045.0 CVE-2015-1482
MISC
BUGTRAQ
EXPLOIT-DB
FULLDISC
MISCapache -- qpidUnspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.2015-02-025.0 CVE-2015-0223
BID
BUGTRAQ
MISCapple -- iphone_osWebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.2015-01-304.3 CVE-2014-4467apple -- apple_tvWebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.2015-01-306.8 CVE-2014-4476apple -- apple_tvWebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.2015-01-306.8 CVE-2014-4477apple -- apple_tvWebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.2015-01-306.8 CVE-2014-4479apple -- apple_tvInteger overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.2015-01-306.8 CVE-2014-4481apple -- apple_tvBuffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.2015-01-306.8 CVE-2014-4483apple -- apple_tvThe extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.2015-01-305.0 CVE-2014-4491apple -- iphone_osSpringboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.2015-01-306.8 CVE-2014-4494apple -- mac_os_xThe CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.2015-01-304.9 CVE-2014-4498
MISCapple -- mac_os_xCoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document.2015-01-306.8 CVE-2014-8816apple -- mac_os_xThe IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.2015-01-304.7 CVE-2014-8823
MISCapple -- mac_os_xLaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.2015-01-305.0 CVE-2014-8826
BUGTRAQ
FULLDISCapple -- mac_os_xHeap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.2015-01-306.8 CVE-2014-8830
XFapple -- mac_os_xsecurity_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.2015-01-305.0 CVE-2014-8831
XFapple -- mac_os_xThe indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.2015-01-304.9 CVE-2014-8832
XFapple -- mac_os_xThe Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app.2015-01-304.3 CVE-2014-8838
XFapple -- mac_os_xSpotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL.2015-01-305.0 CVE-2014-8839
XF
MISC
SECTRACK
MISCapple -- iphone_osThe iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.2015-01-306.8 CVE-2014-8840
MISC
XFasus -- rt-ac56sASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.2015-02-016.5 CVE-2014-7269asus -- rt-ac56sCross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.2015-02-016.8 CVE-2014-7270asus -- rt-n10+d1_firmwareMultiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.2015-02-044.3 CVE-2015-1437
XF
XF
BID
BUGTRAQ
BUGTRAQ
BUGTRAQ
MISCbanner_effect_header_project -- banner_effect_headerCross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid parameter in the BannerEffectOptions page to wp-admin/options-general.php.2015-02-034.3 CVE-2015-1384
MISC
BUGTRAQ
FULLDISCblubrry -- powerpress_podcastingCross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php.2015-02-024.3 CVE-2015-1385
MISC
BID
BUGTRAQ
FULLDISC
MISCcisco -- nx-osThe TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.2015-02-034.9 CVE-2014-8013cisco -- anyconnect_secure_mobility_clientCross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.2015-02-034.3 CVE-2014-8021cisco -- webex_meetings_serverThe XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079.2015-02-015.0 CVE-2015-0595
SECTRACK
BID
SECUNIAcisco -- webex_meetings_serverCross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163.2015-02-016.8 CVE-2015-0596
SECTRACK
BID
SECUNIAcisco -- webex_meetings_serverThe Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159.2015-02-015.0 CVE-2015-0597
SECTRACK
BIDcisco -- unified_computing_systemThe web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138.2015-02-034.3 CVE-2015-0599clamav -- clamavClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."2015-02-035.0 CVE-2015-1463
FEDORA
FEDORAcmsjunkie -- j-classifiedsmanagerCross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds.2015-02-044.3 CVE-2015-1478
EXPLOIT-DB
MISC
OSVDBcontent_rating_extbase_project -- content_rating_extbaseCross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-02-034.3 CVE-2015-1404
BID
MLIST
MLISTcontent_rating_project -- content_ratingCross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-02-034.3 CVE-2015-1402
BID
MLIST
MLISTemc -- unisphere_centralOpen redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.2015-02-015.8 CVE-2015-0512
SECTRACK
BID
BUGTRAQfortinet -- forticlientThe qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.2015-02-025.0 CVE-2015-1453
MISC
FULLDISCfortinet -- fortiauthenticatorFortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.2015-02-034.0 CVE-2015-1456
BID
MISC
MISCfortinet -- fortiauthenticatorFortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.2015-02-034.9 CVE-2015-1457
XF
BID
MISC
MISCfortinet -- fortiauthenticatorFortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.2015-02-036.9 CVE-2015-1458
XF
BID
MISC
MISCfortinet -- fortiauthenticatorCross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.2015-02-034.3 CVE-2015-1459
XF
BID
MISC
MISCfreebsd -- freebsdMultiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.2015-02-024.6 CVE-2014-8612
SECTRACK
BID
BUGTRAQ
MISC
FULLDISCgeo_mashup_project -- geo_mashupCross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.2015-02-024.3 CVE-2015-1383
MLIST
FULLDISCgoogle -- chromeThe V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.2015-02-065.0 CVE-2015-1210
CONFIRM
CONFIRMhp -- sitescopeUnspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors.2015-02-015.5 CVE-2014-7882ibm -- security_appscanIBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network.2015-02-015.0 CVE-2014-6136
XFibm -- integration_busThe HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault.2015-02-015.0 CVE-2014-6170
XFibm -- security_appscanIBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2015-02-015.8 CVE-2014-8918
XFlabtech_software -- labtechLabtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file.2015-01-316.8 CVE-2015-0926landesk -- landesk_management_suiteCross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx.2015-02-034.3 CVE-2014-5360
FULLDISClibmspack_project -- libmspackInteger overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.2015-02-035.0 CVE-2014-9556
CONFIRM
MLIST
MLIST
SECUNIA
SUSElinux -- linux_kernelRace condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 alllows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox.2015-02-066.9 CVE-2014-5332
MISCm2_technologies -- optimalsiteCross-site scripting (XSS) vulnerability in display_dialog.php in M2 OptimalSite 0.1 and 2.4 allows remote attackers to inject arbitrary web script or HTML via the image parameter.2015-02-044.3 CVE-2014-9562
MISC
FULLDISCmanageengine -- supportcenter_plusMultiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.2015-02-024.3 CVE-2015-0866
MISC
BID
BUGTRAQmanageengine -- servicedesk_plusZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.2015-02-044.0 CVE-2015-1480
BID
BUGTRAQ
MISC
EXPLOIT-DB
MISC
OSVDBmozilla -- bugzillaBugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.2015-02-016.5 CVE-2014-8630mylittleforum -- mylittleforumMultiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php.2015-02-044.3 CVE-2015-1475
MISC
FULLDISCnishishi -- fumy_news_clipperCross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-01-314.3 CVE-2015-0870owncloud -- owncloudThe SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network.2015-02-044.3 CVE-2014-5341owncloud -- owncloudThe import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.2015-02-046.8 CVE-2014-9041owncloud -- owncloudThe user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.2015-02-045.0 CVE-2014-9043owncloud -- owncloudAsset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.2015-02-045.0 CVE-2014-9044owncloud -- owncloudThe FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.2015-02-045.0 CVE-2014-9045owncloud -- owncloudThe OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol.2015-02-045.0 CVE-2014-9046owncloud -- owncloudMultiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors.2015-02-044.3 CVE-2014-9047owncloud -- owncloudThe documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API.2015-02-045.0 CVE-2014-9048owncloud -- owncloudThe documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.2015-02-044.0 CVE-2014-9049privoxy -- privoxyjcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.2015-02-035.0 CVE-2015-1380
MLIST
MLIST
CONFIRMprivoxy -- privoxyMultiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.2015-02-035.0 CVE-2015-1381
MLIST
MLIST
DEBIAN
SECUNIA
CONFIRM
CONFIRMprivoxy -- privoxyparsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.2015-02-035.0 CVE-2015-1382
MLIST
MLIST
DEBIAN
SECUNIA
CONFIRM
CONFIRMqpr -- portalMultiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.2015-01-314.3 CVE-2014-8266qpr -- portalCross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.2015-01-314.3 CVE-2014-8267qpr -- portalQPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.2015-01-316.4 CVE-2014-8268roundcube -- webmailprogram/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.2015-02-034.3 CVE-2015-1433
BID
MLIST
MLIST
CONFIRMsiemens -- scalance_x-200_series_firmwareThe web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors.2015-02-026.8 CVE-2015-1049siemens -- ruggedcom_firmwareSiemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs.2015-02-025.0 CVE-2015-1357snipsnap -- snipsnapCross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search.2015-02-034.3 CVE-2014-9559
MISC
FULLDISCsymantec -- encryption_management_serverThe key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.2015-01-315.0 CVE-2014-7287
BIDvmware -- vsphere_data_protectionVMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 does not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.2015-01-314.3 CVE-2014-4632web-dorado -- photo_gallerySQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.2015-02-026.5 CVE-2015-1393
CONFIRM
BUGTRAQzohocorp -- manageengine_desktop_centralCross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do.2015-02-046.8 CVE-2014-9331
BID
BUGTRAQ
EXPLOIT-DB
MISCzohocorp -- servicedesk_plusSQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.2015-02-046.5 CVE-2015-1479
BID
MISC
EXPLOIT-DB
MISC Back to top

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- mac_os_xThe App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.2015-01-302.1 CVE-2014-4499apple -- mac_os_xLoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.2015-01-302.1 CVE-2014-8827
XFapple -- mac_os_xSpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.2015-01-302.1 CVE-2014-8833
XFapple -- mac_os_xUserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.2015-01-302.1 CVE-2014-8834fortinet -- fortiosMultiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.2015-02-023.5 CVE-2015-1451
MISC
FULLDISCowncloud -- owncloudCross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.2015-02-043.5 CVE-2014-9042puppetlabs -- rabbitmqpuppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.2015-02-032.1 CVE-2014-9568 Back to top
This product is provided subject to this Notification and this Privacy & Use policy.

More...