SB15-131: Vulnerability Summary for the Week of May 04, 2015

[The Patriot]

SB15-131: Vulnerability Summary for the Week of May 04, 2015

05-11-2015 03:15 AM

Original release date: May 11, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  
• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  
• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
  

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.



High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoalienvault -- unified_security_managementThe Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).2015-05-019.3CVE-2015-3446
CONFIRM
MISCcisco -- unified_computing_system_central_softwareCisco UCS Central Software 1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.2015-05-0610.0CVE-2015-0701
CISCOemc -- autostartftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets.2015-05-069.3CVE-2015-0538
CERT-VN
BUGTRAQgoogle -- chromeMultiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2015-05-017.5CVE-2015-1250
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMrealtek -- realtek_sdkThe miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.2015-05-0110.0CVE-2014-8361
MISC
CONFIRMsamsung -- samsung_security_managerSamsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.2015-05-0110.0CVE-2015-3435
MISC
MISCBack to top


Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- safariWebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.2015-05-076.8CVE-2015-1152
CONFIRM
APPLEapple -- safariWebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.2015-05-076.8CVE-2015-1153
CONFIRM
APPLEapple -- safariWebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.2015-05-076.8CVE-2015-1154
CONFIRM
APPLEapple -- safariThe history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.2015-05-074.3CVE-2015-1155
CONFIRM
APPLEapple -- safariThe page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.2015-05-074.3CVE-2015-1156
CONFIRM
APPLEcisco -- finesseMultiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.2015-05-024.3CVE-2015-0714
CISCOcisco -- unity_connectionSQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.2015-05-066.5CVE-2015-0715
CISCOcisco -- unity_connectionCross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.2015-05-066.8CVE-2015-0716
CISCOdell -- sonicwall_secure_remote_access_firmwareCross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.2015-05-016.8CVE-2015-2248
CONFIRM
MISCelasticsearch -- elasticsearchDirectory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.2015-05-014.3CVE-2015-3337
CONFIRM
BUGTRAQ
DEBIANemc -- sourceone_email_managementEMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.2015-05-065.0CVE-2015-0531
BUGTRAQfoxitsoftware -- enterprise_readerFoxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.2015-05-014.3CVE-2015-3632
EXPLOIT-DB
CONFIRM
MISC
MISCfoxitsoftware -- enterprise_readerFoxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.2015-05-015.0CVE-2015-3633
CONFIRMhaxx -- curlThe default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.2015-05-015.0CVE-2015-3153
UBUNTU
DEBIAN
CONFIRMibm -- db2IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.2015-05-074.0CVE-2014-0919
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPARibm -- rational_license_key_serverThe Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors.2015-05-074.0CVE-2015-1907
CONFIRMpython -- pillowThe Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.2015-05-015.0CVE-2014-3598
CONFIRM
SUSEredhat -- enterprise_virtualization_managerRed Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.2015-05-016.8CVE-2015-0237
REDHATsiemens -- homecontrol_for_room_automationThe Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate.2015-05-075.4CVE-2015-3610
CONFIRMBack to top


Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infokozos -- easyctfCross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2015-05-013.5CVE-2015-0913
JVNDB
JVN
CONFIRMredhat -- enterprise_virtualization_managerRed Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.2015-05-012.1CVE-2015-0257
REDHATBack to top
This product is provided subject to this Notification and this Privacy & Use policy.




More...