Weekly Vulnerabilities Reports > January 26 to February 1, 2015

Overview

119 new vulnerabilities reported during this period, including 18 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary report vulnerabilities in 101 products from 46 vendors including Apple, Opensuse, Google, IBM, and Vmware. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Access Control", and "Information Exposure".

  • 102 reported vulnerabilities are remotely exploitables.
  • 14 reported vulnerabilities have public exploit available.
  • 31 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 108 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 48 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 15 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-30 CVE-2014-8836 Apple Improper Input Validation vulnerability in Apple mac OS X

The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.

10.0
2015-01-30 CVE-2014-8824 Apple Improper Input Validation vulnerability in Apple mac OS X

The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

10.0
2015-01-30 CVE-2014-8822 Apple Data Processing Errors vulnerability in Apple mac OS X

IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.

10.0
2015-01-30 CVE-2014-8817 Apple Data Processing Errors vulnerability in Apple mac OS X

coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.

10.0
2015-01-30 CVE-2014-4497 Apple Numeric Errors vulnerability in Apple mac OS X

Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.

10.0
2015-01-30 CVE-2014-4495 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Tvos

The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.

10.0
2015-01-30 CVE-2014-4489 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

10.0
2015-01-30 CVE-2014-4488 Apple Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

10.0
2015-01-30 CVE-2014-4487 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos

Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.

10.0
2015-01-30 CVE-2014-4486 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

10.0
2015-01-30 CVE-2014-4480 Apple Link Following vulnerability in Apple Iphone OS and Tvos

Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

10.0
2015-01-28 CVE-2015-0235 GNU
Oracle
Debian
Redhat
Apple
IBM
Out-of-bounds Write vulnerability in multiple products

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

10.0
2015-01-27 CVE-2014-9198 Schneider Electric Credentials Management vulnerability in Schneider-Electric products

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

10.0
2015-01-30 CVE-2014-9161 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.

9.3
2015-01-30 CVE-2014-8837 Apple Unspecified vulnerability in Apple mac OS X

Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

9.3
2015-01-30 CVE-2014-8835 Apple Data Processing Errors vulnerability in Apple mac OS X 10.10.0/10.10.1

The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.

9.3
2015-01-28 CVE-2015-0312 Adobe Double Free vulnerability in Adobe Flash Player

Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.

9.3
2015-02-01 CVE-2014-7288 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Encryption Management Server and PGP Universal Server

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.

9.0

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-01 CVE-2015-0869 I O Data Device Permissions, Privileges, and Access Controls vulnerability in I-O Data Device Np-Bbrm

I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.

7.8
2015-02-01 CVE-2014-7266 Cybozu Resource Management Errors vulnerability in Cybozu Remote Service Manager

Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys.

7.8
2015-01-28 CVE-2015-0586 Cisco Resource Management Errors vulnerability in Cisco IOS

The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682.

7.8
2015-01-27 CVE-2014-9197 Schneider Electric Improper Access Control vulnerability in Schneider-Electric products

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

7.8
2015-02-01 CVE-2015-0868 Shiromuku Arbitrary File Creation vulnerability in shiromuku(bu2)BBS

Unrestricted file upload vulnerability in Mrs.

7.5
2015-02-01 CVE-2014-9200 Schneider Electric Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2015-01-30 CVE-2014-8829 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

7.5
2015-01-30 CVE-2014-8828 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.

7.5
2015-01-30 CVE-2014-4493 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.

7.5
2015-01-30 CVE-2014-4492 Apple Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.

7.5
2015-01-30 CVE-2014-4485 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos

Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

7.5
2015-01-30 CVE-2014-4484 Apple Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos

FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.

7.5
2015-01-28 CVE-2015-0581 Cisco XML External Entity Injection vulnerability in Cisco Prime Service Catalog 9.4.1Vortex

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880.

7.5
2015-01-28 CVE-2015-1375 Pixabay Images Project Permissions, Privileges, and Access Controls vulnerability in Pixabay Images Project Pixabay Images 2.3

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

7.5
2015-01-27 CVE-2015-1182 Opensuse
Polarssl
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
7.5
2015-01-27 CVE-2014-8154 Gnome
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.

7.5
2015-01-27 CVE-2015-1372 Ferretcms Project SQL Injection vulnerability in Ferretcms Project Ferretcms 1.0.4

SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.

7.5
2015-01-27 CVE-2015-1371 Ferretcms Project Improper Input Validation vulnerability in Ferretcms Project Ferretcms 1.0.4

Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/.

7.5
2015-01-27 CVE-2015-1369 Sequelize Project SQL Injection vulnerability in Sequelize Project Sequelize

SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.

7.5
2015-01-27 CVE-2015-1367 Catbot Project SQL Injection vulnerability in Catbot Project Catbot 0.4.2

SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter.

7.5
2015-01-27 CVE-2015-1364 Freereprintables SQL Injection vulnerability in Freereprintables Articlefr 3.0.5

SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.

7.5
2015-01-27 CVE-2015-1362 TWO Pilots Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in TWO Pilots Exif Pilot 4.7.2

Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file.

7.5
2015-01-27 CVE-2015-1360 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205.

7.5
2015-01-27 CVE-2015-0231 PHP Incomplete Fix Use After Free Remote Code Execution vulnerability in PHP

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object.

7.5
2015-01-26 CVE-2014-9572 Mantisbt Improper Access Control vulnerability in Mantisbt

MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.

7.5
2015-01-26 CVE-2014-8157 Opensuse
Debian
Redhat
Jasper Project
Numeric Errors vulnerability in multiple products

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

7.5
2015-01-30 CVE-2014-8825 Apple Improper Input Validation vulnerability in Apple mac OS X

The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.

7.2
2015-01-30 CVE-2014-8821 Apple Unspecified vulnerability in Apple mac OS X

The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.

7.2
2015-01-30 CVE-2014-8820 Apple Unspecified vulnerability in Apple mac OS X

The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.

7.2
2015-01-30 CVE-2014-8819 Apple Unspecified vulnerability in Apple mac OS X

The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.

7.2
2015-01-28 CVE-2014-8920 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I Access 5R4/6.1/7.1

Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.

7.2
2015-01-26 CVE-2014-8148 Opensuse
Midgard Project
Permissions, Privileges, and Access Controls vulnerability in multiple products

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.

7.2

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-01 CVE-2014-7270 Asus Cross-Site Request Forgery (CSRF) vulnerability in Asus products

Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.

6.8
2015-02-01 CVE-2015-0926 Labtech Software Improper Access Control vulnerability in Labtech Software Labtech 55.170

Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file.

6.8
2015-01-30 CVE-2014-8840 Apple Cryptographic Issues vulnerability in Apple Iphone OS

The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.

6.8
2015-01-30 CVE-2014-8830 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.

6.8
2015-01-30 CVE-2014-8816 Apple Resource Management Errors vulnerability in Apple mac OS X

CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document.

6.8
2015-01-30 CVE-2014-4494 Apple Improper Input Validation vulnerability in Apple Iphone OS

Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.

6.8
2015-01-30 CVE-2014-4483 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos

Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

6.8
2015-01-30 CVE-2014-4481 Apple Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos

Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8
2015-01-30 CVE-2014-4479 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.

6.8
2015-01-30 CVE-2014-4477 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.

6.8
2015-01-30 CVE-2014-4476 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.

6.8
2015-01-29 CVE-2015-1424 Jakweb Cross-Site Request Forgery (CSRF) vulnerability in Jakweb Gecko CMS 2.2/2.3

Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.

6.8
2015-01-27 CVE-2014-5211 Attachmate Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Attachmate Reflection FTP Client 14.1.429

Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

6.8
2015-01-27 CVE-2015-1374 Ferretcms Project Cross-Site Request Forgery (CSRF) vulnerability in Ferretcms Project Ferretcms 1.0.4

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks.

6.8
2015-01-27 CVE-2015-1361 Google Code vulnerability in Google Chrome

platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205.

6.8
2015-01-27 CVE-2015-1359 Google Numeric Errors vulnerability in Google Chrome

Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205.

6.8
2015-01-27 CVE-2015-0232 PHP Remote Code Execution vulnerability in PHP 'exif_process_unicode()' Function

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.

6.8
2015-01-27 CVE-2014-9647 Google Denial-Of-Service vulnerability in Chrome

Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205.

6.8
2015-01-26 CVE-2014-8158 Jasper Project
Debian
Redhat
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

6.8
2015-02-01 CVE-2014-8630 Mozilla
Fedoraproject
Command Injection vulnerability in multiple products

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

6.5
2015-02-01 CVE-2014-7269 Asus OS Command Injection vulnerability in Asus products

ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

6.5
2015-01-29 CVE-2015-1423 Jakweb SQL Injection vulnerability in Jakweb Gecko CMS 2.2/2.3

Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.

6.5
2015-02-01 CVE-2014-8268 QPR Permissions, Privileges, and Access Controls vulnerability in QPR Portal

QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.

6.4
2015-01-29 CVE-2014-8370 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare products

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.

6.4
2015-01-26 CVE-2014-9573 Mantisbt SQL Injection vulnerability in Mantisbt

SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

6.0
2015-02-01 CVE-2014-7287 Symantec Injection vulnerability in Symantec Encryption Management Server and PGP Universal Server

The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.

5.0
2015-01-30 CVE-2014-8839 Apple Information Exposure vulnerability in Apple mac OS X

Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL.

5.0
2015-01-30 CVE-2014-8831 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.

5.0
2015-01-30 CVE-2014-8826 Apple Data Processing Errors vulnerability in Apple mac OS X

LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.

5.0
2015-01-30 CVE-2014-4496 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Tvos

The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

5.0
2015-01-30 CVE-2014-4491 Apple Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos

The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

5.0
2015-01-28 CVE-2015-1419 Opensuse
Beasts
Security Bypass vulnerability in vsftpd

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

5.0
2015-01-27 CVE-2015-1365 Pixabay Images Project Path Traversal vulnerability in Pixabay Images Project Pixabay Images 2.3

Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a ..

5.0
2015-01-27 CVE-2014-9650 Pivotal Software HTTP Response Splitting vulnerability in RabbitMQ

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

5.0
2015-01-30 CVE-2014-8832 Apple Information Exposure vulnerability in Apple mac OS X

The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.

4.9
2015-01-29 CVE-2014-8894 IBM Open Redirection vulnerability in IBM Tririga Application Platform

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

4.9
2015-01-30 CVE-2014-8823 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.

4.7
2015-01-30 CVE-2014-4498 Apple Code vulnerability in Apple mac OS X

The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.

4.7
2015-01-27 CVE-2014-9646 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205.

4.6
2015-02-01 CVE-2015-0870 Nishishi Cross-site Scripting vulnerability in Nishishi Fumy News Clipper

Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-02-01 CVE-2014-8267 QPR Cross-site Scripting vulnerability in QPR Portal

Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.

4.3
2015-02-01 CVE-2014-8266 QPR Cross-site Scripting vulnerability in QPR Portal

Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.

4.3
2015-02-01 CVE-2014-4632 Vmware Cryptographic Issues vulnerability in VMWare Vsphere Data Protection

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

4.3
2015-01-30 CVE-2014-8838 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app.

4.3
2015-01-30 CVE-2014-4467 Apple Code vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

4.3
2015-01-29 CVE-2015-1422 Jakweb Cross-site Scripting vulnerability in Jakweb Gecko CMS 2.2/2.3

Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php.

4.3
2015-01-29 CVE-2014-8895 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform

IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.

4.3
2015-01-28 CVE-2014-8917 IBM Cross-site Scripting vulnerability in IBM products

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-01-27 CVE-2015-1373 Ferretcms Project Cross-site Scripting vulnerability in Ferretcms Project Ferretcms 1.0.4

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action.

4.3
2015-01-27 CVE-2015-1370 Marked Project Unspecified vulnerability in Marked Project Marked

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.

4.3
2015-01-27 CVE-2015-1368 Ansible Cross-site Scripting vulnerability in Ansible Tower

Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/.

4.3
2015-01-27 CVE-2015-1366 Pixabay Images Project Cross-site Scripting vulnerability in Pixabay Images Project Pixabay Images 2.3

Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.

4.3
2015-01-27 CVE-2015-1363 Freereprintables Cross-site Scripting vulnerability in Freereprintables Articlefr 3.0.5

Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/.

4.3
2015-01-27 CVE-2014-9649 Pivotal Software Cross-site Scripting vulnerability in Pivotal Software Rabbitmq

Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.

4.3
2015-01-27 CVE-2014-9648 Google Improper Access Control vulnerability in Google Chrome

components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205.

4.3
2015-01-26 CVE-2015-1308 KDE Information Exposure vulnerability in KDE Kde-Workspace and Plasma-Workspace

kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.

4.3
2015-01-26 CVE-2015-1307 KDE Improper Access Control vulnerability in KDE Plasma-Workspace

plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.

4.3
2015-01-26 CVE-2015-1179 Infinite Automation Systems Cross-site Scripting vulnerability in Infinite Automation Systems Mango Automation 2.4.0

Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.

4.3
2015-01-26 CVE-2015-1178 Qualiteam Cross-site Scripting vulnerability in Qualiteam X-Cart

Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter.

4.3
2015-01-26 CVE-2014-9571 Mantisbt Cross-site Scripting vulnerability in Mantisbt

Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.

4.3
2015-01-28 CVE-2015-1376 Pixabay Images Project Improper Access Control vulnerability in Pixabay Images Project Pixabay Images 2.3

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-29 CVE-2015-0236 Mageia
Redhat
Opensuse
Canonical
Information Exposure vulnerability in multiple products

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

3.5
2015-01-29 CVE-2014-8893 IBM Cross-site Scripting vulnerability in IBM Tririga Application Platform

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2015-01-29 CVE-2015-1044 Vmware Denial Of Service vulnerability in VMWare Esxi, Player and Workstation

vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.

3.3
2015-01-29 CVE-2015-1043 Vmware Improper Input Validation vulnerability in VMWare Fusion, Player and Workstation

The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.

3.3
2015-01-30 CVE-2014-8834 Apple Information Exposure vulnerability in Apple mac OS X 10.10.0/10.10.1

UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.

2.1
2015-01-30 CVE-2014-8833 Apple Improper Access Control vulnerability in Apple mac OS X

SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.

2.1
2015-01-30 CVE-2014-8827 Apple Improper Access Control vulnerability in Apple mac OS X

LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.

2.1
2015-01-30 CVE-2014-4499 Apple Information Exposure vulnerability in Apple mac OS X

The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.

2.1