Weekly Vulnerabilities Reports > January 26 to February 1, 2015
Overview
113 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary reports vulnerabilities in 77 products from 40 vendors, including Apple, Google, IBM, Opensuse, and Vmware. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Access Control", and "Data Processing Errors".
- 96 reported vulnerabilities are remotely exploitable.
- 14 reported vulnerabilities have a public exploit available.
- 30 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 103 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 47 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 14 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
17 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-01-30 | CVE-2014-8836 | Apple | Improper Input Validation vulnerability in Apple mac OS X The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. | 10.0 |
2015-01-30 | CVE-2014-8824 | Apple | Improper Input Validation vulnerability in Apple mac OS X The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 10.0 |
2015-01-30 | CVE-2014-8822 | Apple | Data Processing Errors vulnerability in Apple mac OS X IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method. | 10.0 |
2015-01-30 | CVE-2014-8817 | Apple | Data Processing Errors vulnerability in Apple mac OS X coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. | 10.0 |
2015-01-30 | CVE-2014-4497 | Apple | Numeric Errors vulnerability in Apple mac OS X Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. | 10.0 |
2015-01-30 | CVE-2014-4495 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Tvos The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. | 10.0 |
2015-01-30 | CVE-2014-4489 | Apple | Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | 10.0 |
2015-01-30 | CVE-2014-4488 | Apple | Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 10.0 |
2015-01-30 | CVE-2014-4487 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. | 10.0 |
2015-01-30 | CVE-2014-4486 | Apple | Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app. | 10.0 |
2015-01-30 | CVE-2014-4480 | Apple | Link Following vulnerability in Apple Iphone OS and Tvos Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. | 10.0 |
2015-01-27 | CVE-2014-9198 | Schneider Electric | Credentials Management vulnerability in Schneider-Electric products The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. | 10.0 |
2015-01-30 | CVE-2014-9161 | Adobe Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. | 9.3 |
2015-01-30 | CVE-2014-8837 | Apple | Unspecified vulnerability in Apple mac OS X Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. | 9.3 |
2015-01-30 | CVE-2014-8835 | Apple | Data Processing Errors vulnerability in Apple mac OS X 10.10.0/10.10.1 The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. | 9.3 |
2015-01-28 | CVE-2015-0312 | Adobe | Double Free vulnerability in Adobe Flash Player Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2015-02-01 | CVE-2014-7288 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Encryption Management Server and PGP Universal Server Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action. | 9.0 |
32 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-02-01 | CVE-2015-0869 | I O Data Device | Permissions, Privileges, and Access Controls vulnerability in I-O Data Device Np-Bbrm I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | 7.8 |
2015-02-01 | CVE-2014-7266 | Cybozu | Resource Management Errors vulnerability in Cybozu Remote Service Manager Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. | 7.8 |
2015-01-28 | CVE-2015-0586 | Cisco | Resource Management Errors vulnerability in Cisco IOS The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682. | 7.8 |
2015-01-27 | CVE-2014-9197 | Schneider Electric | Improper Access Control vulnerability in Schneider-Electric products The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. | 7.8 |
2015-02-01 | CVE-2015-0868 | Shiromuku | Arbitrary File Creation vulnerability in shiromuku(bu2)BBS Unrestricted file upload vulnerability in Mrs. | 7.5 |
2015-02-01 | CVE-2014-9200 | Schneider Electric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2015-01-30 | CVE-2014-8829 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. | 7.5 |
2015-01-30 | CVE-2014-8828 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. | 7.5 |
2015-01-30 | CVE-2014-4493 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. | 7.5 |
2015-01-30 | CVE-2014-4492 | Apple | Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. | 7.5 |
2015-01-30 | CVE-2014-4485 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. | 7.5 |
2015-01-30 | CVE-2014-4484 | Apple | Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file. | 7.5 |
2015-01-28 | CVE-2015-0581 | Cisco | XML External Entity Injection vulnerability in Cisco Prime Service Catalog 9.4.1Vortex The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880. | 7.5 |
2015-01-28 | CVE-2015-1375 | Pixabay Images Project | Permissions, Privileges, and Access Controls vulnerability in Pixabay Images Project Pixabay Images 2.3 pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. | 7.5 |
2015-01-27 | CVE-2015-1182 | Opensuse Polarssl | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. | 7.5 |
2015-01-27 | CVE-2014-8154 | Gnome Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow. | 7.5 |
2015-01-27 | CVE-2015-1372 | Ferretcms Project | SQL Injection vulnerability in Ferretcms Project Ferretcms 1.0.4 SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. | 7.5 |
2015-01-27 | CVE-2015-1371 | Ferretcms Project | Improper Input Validation vulnerability in Ferretcms Project Ferretcms 1.0.4 Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/. | 7.5 |
2015-01-27 | CVE-2015-1369 | Sequelize Project | SQL Injection vulnerability in Sequelize Project Sequelize SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. | 7.5 |
2015-01-27 | CVE-2015-1367 | Catbot Project | SQL Injection vulnerability in Catbot Project Catbot 0.4.2 SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. | 7.5 |
2015-01-27 | CVE-2015-1364 | Freereprintables | SQL Injection vulnerability in Freereprintables Articlefr 3.0.5 SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/. | 7.5 |
2015-01-27 | CVE-2015-1362 | TWO Pilots | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in TWO Pilots Exif Pilot 4.7.2 Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file. | 7.5 |
2015-01-27 | CVE-2015-1360 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. | 7.5 |
2015-01-27 | CVE-2015-0231 | PHP | Incomplete Fix Use After Free Remote Code Execution vulnerability in PHP Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. | 7.5 |
2015-01-26 | CVE-2014-9572 | Mantisbt | Improper Access Control vulnerability in Mantisbt MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4. | 7.5 |
2015-01-26 | CVE-2014-8157 | Opensuse Debian Redhat Jasper Project | Numeric Errors vulnerability in multiple products Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. | 7.5 |
2015-01-30 | CVE-2014-8825 | Apple | Improper Input Validation vulnerability in Apple mac OS X The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors. | 7.2 |
2015-01-30 | CVE-2014-8821 | Apple | Unspecified vulnerability in Apple mac OS X The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820. | 7.2 |
2015-01-30 | CVE-2014-8820 | Apple | Unspecified vulnerability in Apple mac OS X The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821. | 7.2 |
2015-01-30 | CVE-2014-8819 | Apple | Unspecified vulnerability in Apple mac OS X The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821. | 7.2 |
2015-01-28 | CVE-2014-8920 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I Access 5R4/6.1/7.1 Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors. | 7.2 |
2015-01-26 | CVE-2014-8148 | Opensuse Midgard Project | Permissions, Privileges, and Access Controls vulnerability in multiple products The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges. | 7.2 |
57 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-02-01 | CVE-2014-7270 | Asus | Cross-Site Request Forgery (CSRF) vulnerability in Asus products Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2015-02-01 | CVE-2015-0926 | Labtech Software | Improper Access Control vulnerability in Labtech Software Labtech 55.170 Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. | 6.8 |
2015-01-30 | CVE-2014-8840 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. | 6.8 |
2015-01-30 | CVE-2014-8830 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. | 6.8 |
2015-01-30 | CVE-2014-8816 | Apple | Resource Management Errors vulnerability in Apple mac OS X CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document. | 6.8 |
2015-01-30 | CVE-2014-4494 | Apple | Improper Input Validation vulnerability in Apple Iphone OS Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app. | 6.8 |
2015-01-30 | CVE-2014-4483 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document. | 6.8 |
2015-01-30 | CVE-2014-4481 | Apple | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 6.8 |
2015-01-30 | CVE-2014-4479 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477. | 6.8 |
2015-01-30 | CVE-2014-4477 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479. | 6.8 |
2015-01-30 | CVE-2014-4476 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479. | 6.8 |
2015-01-29 | CVE-2015-1424 | Jakweb | Cross-Site Request Forgery (CSRF) vulnerability in Jakweb Gecko CMS 2.2/2.3 Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php. | 6.8 |
2015-01-27 | CVE-2014-5211 | Attachmate | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Attachmate Reflection FTP Client 14.1.429 Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response. | 6.8 |
2015-01-27 | CVE-2015-1374 | Ferretcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Ferretcms Project Ferretcms 1.0.4 Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks. | 6.8 |
2015-01-27 | CVE-2015-1361 | | Code vulnerability in Google Chrome platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. | 6.8 |
2015-01-27 | CVE-2015-1359 | | Numeric Errors vulnerability in Google Chrome Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205. | 6.8 |
2015-01-27 | CVE-2014-9647 | | Denial-Of-Service vulnerability in Chrome Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205. | 6.8 |
2015-01-26 | CVE-2014-8158 | Jasper Project Debian Redhat Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. | 6.8 |
2015-02-01 | CVE-2014-8630 | Mozilla Fedoraproject | Command Injection vulnerability in multiple products Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name. | 6.5 |
2015-02-01 | CVE-2014-7269 | Asus | OS Command Injection vulnerability in Asus products ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 6.5 |
2015-01-29 | CVE-2015-1423 | Jakweb | SQL Injection vulnerability in Jakweb Gecko CMS 2.2/2.3 Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. | 6.5 |
2015-02-01 | CVE-2014-8268 | QPR | Permissions, Privileges, and Access Controls vulnerability in QPR Portal QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. | 6.4 |
2015-01-29 | CVE-2014-8370 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare products VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file. | 6.4 |
2015-01-26 | CVE-2014-9573 | Mantisbt | SQL Injection vulnerability in Mantisbt SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie. | 6.0 |
2015-02-01 | CVE-2014-7287 | Symantec | Injection vulnerability in Symantec Encryption Management Server and PGP Universal Server The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header. | 5.0 |
2015-01-30 | CVE-2014-8839 | Apple | Information Exposure vulnerability in Apple mac OS X Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. | 5.0 |
2015-01-30 | CVE-2014-8831 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. | 5.0 |
2015-01-30 | CVE-2014-8826 | Apple | Data Processing Errors vulnerability in Apple mac OS X LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | 5.0 |
2015-01-30 | CVE-2014-4496 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Tvos The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | 5.0 |
2015-01-30 | CVE-2014-4491 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | 5.0 |
2015-01-27 | CVE-2015-1365 | Pixabay Images Project | Path Traversal vulnerability in Pixabay Images Project Pixabay Images 2.3 Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. | 5.0 |
2015-01-30 | CVE-2014-8832 | Apple | Information Exposure vulnerability in Apple mac OS X The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. | 4.9 |
2015-01-29 | CVE-2014-8894 | IBM | Open Redirection vulnerability in IBM Tririga Application Platform Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter. | 4.9 |
2015-01-30 | CVE-2014-8823 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument. | 4.7 |
2015-01-30 | CVE-2014-4498 | Apple | Code vulnerability in Apple mac OS X The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue. | 4.7 |
2015-01-27 | CVE-2014-9646 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. | 4.6 |
2015-02-01 | CVE-2015-0870 | Nishishi | Cross-site Scripting vulnerability in Nishishi Fumy News Clipper Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-02-01 | CVE-2014-8267 | QPR | Cross-site Scripting vulnerability in QPR Portal Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter. | 4.3 |
2015-02-01 | CVE-2014-8266 | QPR | Cross-site Scripting vulnerability in QPR Portal Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field. | 4.3 |
2015-02-01 | CVE-2014-4632 | Vmware | Cryptographic Issues vulnerability in VMWare Vsphere Data Protection VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. | 4.3 |
2015-01-30 | CVE-2014-8838 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. | 4.3 |
2015-01-30 | CVE-2014-4467 | Apple | Code vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site. | 4.3 |
2015-01-29 | CVE-2015-1422 | Jakweb | Cross-site Scripting vulnerability in Jakweb Gecko CMS 2.2/2.3 Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php. | 4.3 |
2015-01-29 | CVE-2014-8895 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL. | 4.3 |
2015-01-28 | CVE-2014-8917 | IBM | Cross-site Scripting vulnerability in IBM products Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-01-27 | CVE-2015-1373 | Ferretcms Project | Cross-site Scripting vulnerability in Ferretcms Project Ferretcms 1.0.4 Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action. | 4.3 |
2015-01-27 | CVE-2015-1370 | Marked Project | Unspecified vulnerability in Marked Project Marked Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. | 4.3 |
2015-01-27 | CVE-2015-1368 | Ansible | Cross-site Scripting vulnerability in Ansible Tower Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/. | 4.3 |
2015-01-27 | CVE-2015-1366 | Pixabay Images Project | Cross-site Scripting vulnerability in Pixabay Images Project Pixabay Images 2.3 Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter. | 4.3 |
2015-01-27 | CVE-2015-1363 | Freereprintables | Cross-site Scripting vulnerability in Freereprintables Articlefr 3.0.5 Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/. | 4.3 |
2015-01-27 | CVE-2014-9648 | Google | Improper Access Control vulnerability in Google Chrome components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. | 4.3 |
2015-01-26 | CVE-2015-1308 | KDE | Information Exposure vulnerability in KDE Kde-Workspace and Plasma-Workspace kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. | 4.3 |
2015-01-26 | CVE-2015-1307 | KDE | Improper Access Control vulnerability in KDE Plasma-Workspace plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. | 4.3 |
2015-01-26 | CVE-2015-1179 | Infinite Automation Systems | Cross-site Scripting vulnerability in Infinite Automation Systems Mango Automation 2.4.0 Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter. | 4.3 |
2015-01-26 | CVE-2015-1178 | Qualiteam | Cross-site Scripting vulnerability in Qualiteam X-Cart Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter. | 4.3 |
2015-01-26 | CVE-2014-9571 | Mantisbt | Cross-site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter. | 4.3 |
2015-01-28 | CVE-2015-1376 | Pixabay Images Project | Improper Access Control vulnerability in Pixabay Images Project Pixabay Images 2.3 pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-01-29 | CVE-2014-8893 | IBM | Cross-site Scripting vulnerability in IBM Tririga Application Platform Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-01-29 | CVE-2015-1044 | Vmware | Denial Of Service vulnerability in VMWare Esxi, Player and Workstation vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors. | 3.3 |
2015-01-29 | CVE-2015-1043 | Vmware | Improper Input Validation vulnerability in VMWare Fusion, Player and Workstation The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors. | 3.3 |
2015-01-30 | CVE-2014-8834 | Apple | Information Exposure vulnerability in Apple mac OS X 10.10.0/10.10.1 UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. | 2.1 |
2015-01-30 | CVE-2014-8833 | Apple | Improper Access Control vulnerability in Apple mac OS X SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. | 2.1 |
2015-01-30 | CVE-2014-8827 | Apple | Improper Access Control vulnerability in Apple mac OS X LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen. | 2.1 |
2015-01-30 | CVE-2014-4499 | Apple | Information Exposure vulnerability in Apple mac OS X The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. | 2.1 |