Weekly Vulnerabilities Reports > March 30 to April 5, 2015

Overview

121 new vulnerabilities were reported during this period, including 6 critical and 37 high-severity vulnerabilities. This weekly summary covers vulnerabilities in 184 products from 59 vendors, including Opensuse, Mozilla, Debian, Cisco, and PHP. The vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Information Exposure", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code".

  • 110 reported vulnerabilities are remotely exploitable.
  • 9 reported vulnerabilities have a public exploit available.
  • 17 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 107 reported vulnerabilities are exploitable by an anonymous user.
  • Opensuse has the most reported vulnerabilities, with 16.
  • Fedoraproject has the most reported critical vulnerabilities, with 1.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:


6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-04-05 CVE-2015-0932 Antlabs Permissions, Privileges, and Access Controls vulnerability in Antlabs products

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.

10.0
2015-03-31 CVE-2014-2830 Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Debian Cifs-Utils 6.3

Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.

10.0
2015-03-31 CVE-2014-7876 HP Remote Code Execution vulnerability in HP products

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.

10.0
2015-03-31 CVE-2015-0984 Honeywell Path Traversal vulnerability in Honeywell products

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.

10.0
2015-03-30 CVE-2015-1815 Selinux, Fedoraproject Command Injection vulnerability in multiple products

The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.

10.0
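
The setroubleshoot bug above is the classic shape of shell command injection: an attacker-controlled file name is pasted into a command string that a shell then parses, so a ";" in the name ends the intended command and starts another. The following Python example is added here to show the bug class and its two fixes; it is not setroubleshoot's code. The `rpm -qf` lookup is replaced by `echo` so it runs without rpm installed, and the malicious path is constructed.

```python
import shlex
import subprocess

# Constructed file name carrying a shell metacharacter payload. The second
# command ("echo INJECTED") only runs if the shell gets to parse the string.
MALICIOUS_PATH = "/etc/passwd; echo INJECTED"


def lookup_unsafe(path: str) -> str:
    """Vulnerable pattern: the untrusted name is interpolated into a shell string.

    With shell=True, /bin/sh parses the string, so ';' terminates the intended
    command and everything after it is executed as a separate command.
    """
    cmd = "echo %s" % path  # stand-in for the hypothetical "rpm -qf %s"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_quoted(path: str) -> str:
    """Mitigation 1: keep the shell, but quote the untrusted value first.

    shlex.quote() wraps the value in single quotes (escaping any embedded
    quote), so the shell sees one literal word.
    """
    cmd = "echo %s" % shlex.quote(path)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_safe(path: str) -> str:
    """Mitigation 2 (preferred): no shell at all.

    An argv list goes straight to exec(); the path is one argument no matter
    which characters it contains.
    """
    return subprocess.run(["echo", path], capture_output=True, text=True).stdout


def was_injected(output: str) -> bool:
    """True when the payload's second command produced its own output line."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    for fn in (lookup_unsafe, lookup_quoted, lookup_safe):
        out = fn(MALICIOUS_PATH)
        print(f"{fn.__name__:14s} injected={was_injected(out)!s:5s} {out!r}")
```

Running it on a POSIX system shows the unsafe variant printing `INJECTED` on its own line, while both mitigations echo the whole file name back as a single literal. When auditing a code base for this pattern, grep for `shell=True`, `os.system(` and `os.popen(` and check whether any interpolated value can be influenced by file names, user input or network data.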
2015-04-03 CVE-2014-5405 Hospira Information Exposure vulnerability in Hospira Mednet 5.8

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

9.0

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-04-05 CVE-2015-1465 Linux Code vulnerability in Linux Kernel

The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.

7.8
2015-04-03 CVE-2015-0666 Cisco Path Traversal vulnerability in Cisco Prime Data Center Network Manager

Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.

7.8
2015-04-03 CVE-2015-0685 Cisco Improper Input Validation vulnerability in Cisco IOS XE

Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873.

7.8
2015-03-30 CVE-2015-0283 Redhat Resource Management Errors vulnerability in Redhat Slapi-Nis

The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.

7.8
2015-04-03 CVE-2015-0225 Apache Command Injection vulnerability in Apache Cassandra

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.

7.5
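
The Cassandra issue above is a default-configuration problem rather than a code bug: a remote JMX/RMI listener with authentication switched off gives anyone who can reach the port arbitrary code execution inside the JVM. The Python check below is an added example, not Cassandra's own tooling. It parses the `-D` system properties from a JVM command line (for instance the contents of `/proc/<pid>/cmdline` joined with spaces, or the `JVM_OPTS` string assembled by `cassandra-env.sh`) and flags remote JMX that is unauthenticated or without TLS. The sample option strings are constructed approximations of the pre-fix and post-fix defaults; the property names are the standard JDK `com.sun.management.jmxremote.*` ones, whose defaults when a remote port is set are `authenticate=true` and `ssl=true`.

```python
import shlex
from typing import Dict, List

# Constructed JVM_OPTS strings. BEFORE approximates the vulnerable default
# (remote JMX, auth and TLS disabled); AFTER approximates the fixed default
# (JMX reachable from localhost only); REMOTE_HARDENED is remote JMX done right.
JVM_OPTS_BEFORE = (
    "-Dcom.sun.management.jmxremote.port=7199 "
    "-Dcom.sun.management.jmxremote.ssl=false "
    "-Dcom.sun.management.jmxremote.authenticate=false"
)
JVM_OPTS_AFTER = "-Dcassandra.jmx.local.port=7199 -XX:+DisableExplicitGC"
JVM_OPTS_REMOTE_HARDENED = (
    "-Dcom.sun.management.jmxremote.port=7199 "
    "-Dcom.sun.management.jmxremote.rmi.port=7199 "
    "-Dcom.sun.management.jmxremote.ssl=true "
    "-Dcom.sun.management.jmxremote.authenticate=true "
    "-Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password"
)

JMX = "com.sun.management.jmxremote"


def parse_sysprops(cmdline: str) -> Dict[str, str]:
    """Collect -Dkey=value system properties from a JVM command line."""
    props: Dict[str, str] = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D"):
            key, _, val = tok[2:].partition("=")
            props[key] = val
    return props


def assess_jmx(cmdline: str) -> Dict[str, object]:
    """Report whether remote JMX is enabled and how it is protected.

    Only -Dcom.sun.management.jmxremote.port opens a remote listener; the
    JDK then defaults authenticate and ssl to true unless set to "false".
    """
    p = parse_sysprops(cmdline)
    remote_port = p.get(f"{JMX}.port")
    authenticated = p.get(f"{JMX}.authenticate", "true") != "false"
    tls = p.get(f"{JMX}.ssl", "true") != "false"
    findings: List[str] = []
    if remote_port is not None:
        if not authenticated:
            findings.append(f"unauthenticated remote JMX/RMI on port {remote_port}")
        if not tls:
            findings.append(f"remote JMX on port {remote_port} without TLS")
    return {
        "remote_port": remote_port,
        "authenticated": authenticated,
        "tls": tls,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, opts in (("before", JVM_OPTS_BEFORE), ("after", JVM_OPTS_AFTER),
                       ("remote-hardened", JVM_OPTS_REMOTE_HARDENED)):
        print(name, assess_jmx(opts))
```

A port-level check from the network (is 7199 reachable, does it speak RMI) tells you exposure but not whether authentication is on; reading the JVM's actual arguments, as here, gives the definitive answer and is what to run across a fleet after applying the upgrade.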
2015-04-03 CVE-2015-0903 Hidemaru Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hidemaru Editor

Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file.

7.5
2015-04-01 CVE-2015-1233 Google Code vulnerability in Google Chrome

Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2015-04-01 CVE-2015-2816 SAP Improper Access Control vulnerability in SAP Afaria 7.0.6001.5

The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.

7.5
2015-04-01 CVE-2015-0815 Mozilla Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5
2015-04-01 CVE-2015-0814 Mozilla Memory Corruption vulnerability in Mozilla Firefox 36.0.4

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5
2015-04-01 CVE-2015-0806 Canonical, Mozilla, Opensuse Code vulnerability in multiple products

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content.

7.5
2015-04-01 CVE-2015-0805 Opensuse, Mozilla, Canonical Code vulnerability in multiple products

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content.

7.5
2015-04-01 CVE-2015-0804 Mozilla, Opensuse, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element.

7.5
2015-04-01 CVE-2015-0803 Canonical, Opensuse, Mozilla Permissions, Privileges, and Access Controls vulnerability in multiple products

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.

7.5
2015-04-01 CVE-2015-0801 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

7.5
2015-03-31 CVE-2015-0838 Debian, Dulwich Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.

7.5
2015-03-31 CVE-2014-9707 Embedthis Code vulnerability in Embedthis Goahead

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a .

7.5
2015-03-31 CVE-2014-9706 Debian, Dulwich Project Data Processing Errors vulnerability in multiple products

The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

7.5
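
A tree entry named `.git/hooks/post-checkout` is harmless data inside a pack file but becomes attacker-controlled executable content the moment a client writes it into the working tree, because Git runs hooks from the checkout's own `.git` directory. The validator below is an added example and not Dulwich's code. It goes beyond the single vector in the description: besides a literal `.git` component it also rejects parent-directory traversal, absolute paths, and the case and trailing-dot variants that case-insensitive and Windows filesystems fold onto `.git`; treating backslash as a separator is deliberately conservative, since a backslash is a legal character in Unix file names. The entries are constructed.

```python
from typing import Dict, List, Optional, Tuple

# Constructed tree entries for a hypothetical malicious commit. The first
# rejected one is the vector from the CVE text; the others extend the check.
SAMPLE_ENTRIES = [
    "README.md",
    "docs/.gitignore",               # a dotfile, not a .git directory: fine
    ".git/hooks/post-checkout",      # hook planted in the checkout's own .git
    ".GIT/config",                   # case-insensitive filesystems map this to .git
    "src/.git./config",              # Windows strips trailing dots: also .git
    "sub\\.git\\hooks\\pre-commit",  # backslash separators on Windows
    "../outside",                    # parent traversal out of the worktree
    "/etc/cron.d/job",               # absolute path
]


def unsafe_reason(path: str) -> Optional[str]:
    """Return why a tree path must not be written on checkout, or None if it is safe.

    Paths are '/'-separated as stored in Git tree objects; backslashes are
    treated as separators too so a Windows checkout cannot be tricked.
    """
    if not path:
        return "empty path"
    if path.startswith("/"):
        return "absolute path"
    for comp in path.replace("\\", "/").split("/"):
        if comp in ("", ".", ".."):
            return f"traversal or empty component {comp!r}"
        # Normalize the way case-insensitive filesystems and Windows do
        # before comparing, so .GIT and ".git." are caught as well.
        if comp.lower().rstrip(". ") == ".git":
            return f"component {comp!r} resolves to the .git directory"
    return None


def partition_entries(entries: List[str]) -> Tuple[List[str], Dict[str, str]]:
    """Split entries into those safe to write and a map of rejected path -> reason."""
    safe: List[str] = []
    rejected: Dict[str, str] = {}
    for path in entries:
        reason = unsafe_reason(path)
        if reason is None:
            safe.append(path)
        else:
            rejected[path] = reason
    return safe, rejected


if __name__ == "__main__":
    ok, bad = partition_entries(SAMPLE_ENTRIES)
    print("writable:", ok)
    for path, reason in bad.items():
        print(f"rejected {path!r}: {reason}")
```

The same check belongs in any tool that materializes a tree from untrusted data (archive extractors, deployment agents, CI runners), not only in Git clients; the `.git` rule is Git-specific, the traversal and absolute-path rules apply everywhere.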
2015-03-31 CVE-2014-9462 Opensuse, Mercurial Improper Input Validation vulnerability in multiple products

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

7.5
2015-03-31 CVE-2014-2027 Egroupware Code Injection vulnerability in Egroupware 1.8.001.20110421/1.8.001.20110805

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php.

7.5
2015-03-31 CVE-2015-2109 HP Authentication Bypass vulnerability in HP Operations Orchestration 10.0

Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors.

7.5
2015-03-30 CVE-2015-2792 Wpml Improper Access Control vulnerability in Wpml

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.

7.5
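
The WPML bypass above is a parameter-source confusion: the nonce was verified against one copy of `action` (the GET parameter) while a different copy (the POST parameter) selected the code that ran, so a nonce legitimately issued for a harmless action authorized a destructive one. The Python model below is an added example, not WPML's code, and uses a simplified HMAC nonce in place of WordPress's `wp_create_nonce`; the secret, user ID and action names are constructed.

```python
import hashlib
import hmac
from typing import Dict

SECRET = b"constructed-server-secret"  # constructed; real installs use a per-site salt
ALLOWED_ACTIONS = {"view_menu", "delete_menu"}


def make_nonce(action: str, user_id: int) -> str:
    """Nonce bound to one action and one user (simplified wp_create_nonce analogue)."""
    msg = f"{action}|{user_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def verify_nonce(nonce: str, action: str, user_id: int) -> bool:
    return hmac.compare_digest(nonce, make_nonce(action, user_id))


class Request:
    """Minimal request carrying separate query-string and body parameters."""

    def __init__(self, get: Dict[str, str], post: Dict[str, str]):
        self.get = get
        self.post = post


def dispatch(action: str) -> str:
    return f"executed {action}" if action in ALLOWED_ACTIONS else "unknown action"


def handle_vulnerable(req: Request, user_id: int) -> str:
    """Bug: nonce checked against GET['action'], but POST['action'] is what runs."""
    if not verify_nonce(req.get.get("nonce", ""), req.get.get("action", ""), user_id):
        return "denied"
    return dispatch(req.post.get("action", ""))


def handle_fixed(req: Request, user_id: int) -> str:
    """Fix: read the action once, from one source, and verify the nonce for that exact value."""
    action = req.post.get("action", "")
    if action not in ALLOWED_ACTIONS:
        return "denied"
    if not verify_nonce(req.post.get("nonce", ""), action, user_id):
        return "denied"
    return dispatch(action)


if __name__ == "__main__":
    victim = 7
    # Attacker holds a nonce valid only for the harmless action ...
    harmless_nonce = make_nonce("view_menu", victim)
    # ... and sends it in the query string while the body names the real target.
    forged = Request(get={"action": "view_menu", "nonce": harmless_nonce},
                     post={"action": "delete_menu"})
    print("vulnerable:", handle_vulnerable(forged, victim))  # runs delete_menu
    print("fixed:     ", handle_fixed(forged, victim))       # denied
```

The general rule the fix illustrates: a CSRF token (or any authorization check) must be bound to the same value the code later acts on, read from the same place. Frameworks that merge GET and POST into one bag (PHP's `$_REQUEST`, for example) make it easy to check one copy and act on another.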
2015-03-30 CVE-2015-2171 Slimframework Code Injection vulnerability in Slimframework Slim

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.

7.5
2015-03-30 CVE-2015-2787 PHP, Apple, Redhat, Opensuse Remote Code Execution vulnerability in PHP

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.

7.5
2015-03-30 CVE-2015-2331 NIH, PHP, Debian, Fedoraproject, Opensuse Numeric Errors vulnerability in multiple products

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

7.5
2015-03-30 CVE-2015-2301 Canonical, Debian, Opensuse, PHP, Apple, Redhat Denial of Service vulnerability in PHP 'ext/phar/phar_object.c' Double Free

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.

7.5
2015-03-30 CVE-2015-1351 Oracle, Apple, PHP Use After Free vulnerability in multiple products

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2015-03-30 CVE-2015-0273 PHP Use After Free Remote Code Execution vulnerability in PHP

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.

7.5
2015-03-30 CVE-2014-9705 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

7.5
2015-03-30 CVE-2014-9653 File Project, PHP, Debian Improper Input Validation vulnerability in multiple products

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

7.5
2015-04-04 CVE-2015-0688 Cisco Resource Management Errors vulnerability in Cisco IOS XE 3.10.2S

Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.

7.1
2015-04-03 CVE-2015-0616 Cisco Data Processing Errors vulnerability in Cisco Unity Connection

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819.

7.1
2015-04-03 CVE-2015-0615 Cisco Data Processing Errors vulnerability in Cisco Unity Connection

The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089.

7.1
2015-04-03 CVE-2015-0614 Cisco Data Processing Errors vulnerability in Cisco Unity Connection

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267.

7.1
2015-04-03 CVE-2015-0613 Cisco Data Processing Errors vulnerability in Cisco Unity Connection

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444.

7.1
2015-04-03 CVE-2015-0612 Cisco Data Processing Errors vulnerability in Cisco products

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062.

7.1
2015-04-01 CVE-2015-2751 XEN, Fedoraproject Code vulnerability in multiple products

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.

7.1

73 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-31 CVE-2014-9209 Rockwellautomation Unspecified vulnerability in Rockwellautomation products

Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

6.9
2015-04-03 CVE-2015-2838 Citrix Cross-Site Request Forgery (CSRF) vulnerability in Citrix Netscaler 10.5

Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

6.8
2015-04-01 CVE-2015-1234 Google Race Condition vulnerability in Google Chrome

Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.

6.8
2015-04-01 CVE-2015-2755 AB Google MAP Travel Project Cross-Site Request Forgery (CSRF) vulnerability in AB Google MAP Travel Project AB Google MAP Travel 3.4

Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.

6.8
2015-04-01 CVE-2015-0807 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.

6.8
2015-03-31 CVE-2015-2754 Gaia GIS, Debian Improper Input Validation vulnerability in multiple products

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."

6.8
2015-03-31 CVE-2015-2753 Debian, Gaia GIS Improper Input Validation vulnerability in multiple products

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.

6.8
2015-03-31 CVE-2015-0985 Xzeres Cross-Site Request Forgery (CSRF) vulnerability in Xzeres 442Sr and 442Sr OS

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request.

6.8
2015-03-30 CVE-2015-2305 Rxspencer Project, Debian, Opensuse Numeric Errors vulnerability in multiple products

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

6.8
2015-04-05 CVE-2015-0951 Qualiteam Permissions, Privileges, and Access Controls vulnerability in Qualiteam X-Cart

X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.

6.5
2015-04-03 CVE-2015-0684 Cisco SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(.4)

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.

6.5
2015-04-03 CVE-2015-0682 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager 8.1(.4)

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.

6.5
2015-04-01 CVE-2015-2821 Typo3 Permissions, Privileges, and Access Controls vulnerability in Typo3 Neos

TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.

6.5
2015-04-01 CVE-2015-2815 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Netweaver 7.0/7.40

Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.

6.5
2015-03-30 CVE-2015-2172 Dokuwiki Improper Access Control vulnerability in Dokuwiki

DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.

6.5
2015-04-03 CVE-2015-0993 Inductiveautomation 7PK - Security Features vulnerability in Inductiveautomation Ignition 7.7.2

Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

6.4
2015-04-01 CVE-2015-2814 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Clinical Task Tracker and EMR Unwired

SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.

6.4
2015-04-01 CVE-2015-0811 Mozilla, Opensuse, Canonical Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.

6.4
2015-03-31 CVE-2015-2106 HP Security vulnerability in HP products

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.

6.4
2015-03-30 CVE-2015-2791 Wpml Permissions, Privileges, and Access Controls vulnerability in Wpml

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.

6.4
2015-04-03 CVE-2015-0687 Cisco Resource Management Errors vulnerability in Cisco IOS 15.1(2)Sg4/15.1Sg

The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574.

6.3
2015-04-03 CVE-2015-0686 Cisco Resource Management Errors vulnerability in Cisco Nx-Os 6.1(2)I2(3)

The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240.

6.3
2015-04-01 CVE-2015-0259 Openstack Insufficient Verification of Data Authenticity vulnerability in Openstack Nova

OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

5.1
2015-04-01 CVE-2015-0813 Mozilla, Linux Use After Free Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.

5.1
2015-04-05 CVE-2015-0529 EMC Credentials Management vulnerability in EMC Powerpath Virtual Appliance 1.2

EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.

5.0
2015-04-03 CVE-2015-2841 Citrix Improper Access Control vulnerability in Citrix Netscaler 10.5

Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.

5.0
2015-04-03 CVE-2015-0995 Inductiveautomation Credentials Management vulnerability in Inductiveautomation Ignition 7.7.2

Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.

5.0
2015-04-03 CVE-2015-0991 Inductiveautomation Information Exposure vulnerability in Inductiveautomation Ignition 7.7.2

Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.

5.0
2015-04-03 CVE-2015-0902 Semperfiwebdesign Information Exposure vulnerability in All in One SEO Pack 2.2.5.1

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.

5.0
2015-04-03 CVE-2014-5403 Hospira Cryptographic Issues vulnerability in Hospira Mednet 5.8

Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2015-04-01 CVE-2015-2820 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Afaria 7.0.6001.5

Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584.

5.0
2015-04-01 CVE-2015-2819 SAP Improper Input Validation vulnerability in SAP SQL Anywhere 11.0/16.0

SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161.

5.0
2015-04-01 CVE-2015-2818 SAP XML External Entity Injection vulnerability in SAP Mobile Platform 3.0

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513.

5.0
2015-04-01 CVE-2015-2817 SAP Information Exposure vulnerability in SAP Netweaver 7.40

The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.

5.0
2015-04-01 CVE-2015-2813 SAP XML External Entity Injection vulnerability in SAP Mobile Platform

XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.

5.0
2015-04-01 CVE-2015-2812 SAP XML External Entity Information Disclosure vulnerability in SAP Netweaver Enterprise Portal 7.31

XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.

5.0
2015-04-01 CVE-2015-2811 SAP Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.31

XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.

5.0
2015-04-01 CVE-2015-0816 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

5.0
2015-04-01 CVE-2015-0808 Opensuse, Canonical, Mozilla Code vulnerability in multiple products

The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

5.0
2015-04-01 CVE-2015-0802 Opensuse/Canonical/Mozilla Permissions, Privileges, and Access Controls vulnerability in multiple products

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

5.0
2015-04-01 CVE-2015-0800 Mozilla/Google Information Exposure vulnerability in Mozilla Firefox

The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.

5.0
2015-04-01 CVE-2012-2808 Google Unspecified vulnerability in Google Bionic

The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2015-0800.

5.0
2015-04-01 CVE-2015-2809 Synology Information Exposure vulnerability in Synology Diskstation Manager 3.0

The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.

5.0
2015-04-01 CVE-2015-2808 Oracle/Debian/Redhat/Suse/Opensuse/Canonical/Fujitsu/Huawei/IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

5.0
2015-04-01 CVE-2015-1892 IBM Information Exposure vulnerability in IBM products

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.

5.0
2015-03-31 CVE-2014-9708 Oracle/Embedthis Null Pointer Dereference Denial of Service vulnerability in Appweb

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

5.0
2015-03-30 CVE-2015-1827 Freeipa/Fedoraproject Data Processing Errors vulnerability in multiple products

The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.

5.0
2015-03-30 CVE-2015-1609 Fedoraproject/Mongodb Improper Input Validation vulnerability in multiple products

MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.

5.0
2015-03-30 CVE-2015-2348 Redhat/Apple/Opensuse/PHP Permissions, Privileges, and Access Controls vulnerability in multiple products

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument.

5.0
2015-03-30 CVE-2015-1352 Apple/PHP Denial of Service vulnerability in PHP '/ext/pgsql/pgsql.c' Null Pointer Dereference

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

5.0
2015-03-30 CVE-2014-9709 PHP/Opensuse/Libgd/Debian/Canonical Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

5.0
2015-03-30 CVE-2014-9652 PHP/File Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.

5.0
2015-04-01 CVE-2015-2756 Debian/XEN/Fedoraproject/Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

4.9
2015-04-01 CVE-2015-2752 Fedoraproject/XEN Improper Input Validation vulnerability in multiple products

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

4.9
2015-03-30 CVE-2013-6501 PHP/Suse Injection vulnerability in PHP

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.

4.6
2015-04-03 CVE-2015-0990 Ecava Local Code Execution vulnerability in Ecava Integraxor SCADA Server

Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.

4.4
2015-04-03 CVE-2014-8390 Schneider Electric Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Vampset 2.2.145

Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.

4.4
2015-03-30 CVE-2015-2789 Foxitsoftware Local Privilege Escalation vulnerability in Foxit Reader

Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

4.4
2015-04-05 CVE-2015-0950 Qualiteam Cross-site Scripting vulnerability in Qualiteam X-Cart

Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.

4.3
2015-04-03 CVE-2015-2840 Citrix Cross-site Scripting vulnerability in Citrix Netscaler 10.5

Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.

4.3
2015-04-03 CVE-2015-2839 Citrix Cross-site Scripting vulnerability in Citrix Netscaler 10.5

The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

4.3
2015-04-03 CVE-2015-0976 Inductiveautomation Cross-site Scripting vulnerability in Inductiveautomation Ignition 7.7.2

Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-04-01 CVE-2015-2294 Netgate Cross-site Scripting vulnerability in Netgate Pfsense

Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php.

4.3
2015-04-01 CVE-2015-0812 Mozilla/Opensuse/Canonical Code vulnerability in multiple products

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.

4.3
2015-04-01 CVE-2015-0810 Mozilla/Apple Improper Input Validation vulnerability in Mozilla Firefox

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element.

4.3
2015-03-31 CVE-2015-2776 Debian/Gaia GIS Improper Input Validation vulnerability in multiple products

The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.

4.3
2015-03-31 CVE-2015-0901 Flashy Project Cross-site Scripting vulnerability in Flashy Project Flashy 1.3

Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-31 CVE-2015-0900 Nishishi Cross-site Scripting vulnerability in Nishishi Fumy Teachers Schedule Board

Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-03-30 CVE-2015-2790 Foxitsoftware Improper Input Validation vulnerability in Foxitsoftware Enterprise Reader, Foxit Reader and Phantompdf

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

4.3
2015-04-03 CVE-2015-0994 Inductiveautomation 7PK - Security Features vulnerability in Inductiveautomation Ignition 7.7.2

Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.

4.0
2015-04-03 CVE-2015-0683 Cisco Information Exposure vulnerability in Cisco Unified Communications Domain Manager 8.1(4)

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.

4.0
2015-04-01 CVE-2014-9713 Openldap/Debian Permissions, Privileges, and Access Controls vulnerability in multiple products

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

4.0
2015-03-31 CVE-2015-2684 Shibboleth/Debian Improper Input Validation vulnerability in multiple products

Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-31 CVE-2015-2108 HP Information Exposure vulnerability in HP Operations Orchestration 10.0/9.0

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.

3.5
2015-04-05 CVE-2015-0777 XEN/Linux Information Exposure vulnerability in XEN

drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.

2.1
2015-04-04 CVE-2015-2111 HP/Microsoft Local Information Disclosure vulnerability in HP Intelligent Provisioning 1.40/1.50/1.60

Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.

2.1
2015-04-03 CVE-2015-0992 Inductiveautomation Information Exposure vulnerability in Inductiveautomation Ignition 7.7.2

Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.

2.1
2015-04-03 CVE-2014-5400 Hospira Information Exposure vulnerability in Hospira Mednet 5.8

The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.

2.1