Weekly Vulnerabilities Reports > April 6 to 12, 2015

Overview

121 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary reports vulnerabilities in 77 products from 31 vendors including Apple, IBM, Canonical, Fedoraproject, and Cisco. Vulnerabilities are notably categorized as "Information Exposure", "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".

  • 78 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 14 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 114 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 68 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-04-10 CVE-2015-2806 Canonical
Debian
Fedoraproject
GNU
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

10.0
2015-04-10 CVE-2015-1842 Redhat Credentials Management vulnerability in Redhat Openstack

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.

10.0
2015-04-10 CVE-2015-1132 Apple Improper Input Validation vulnerability in Apple mac OS X

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.

10.0
2015-04-06 CVE-2015-0134 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Domino

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2015-04-06 CVE-2015-0117 IBM Arbitrary Code Execution vulnerability in IBM Domino

The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM.

10.0
2015-04-06 CVE-2014-6221 IBM Cryptographic Issues vulnerability in IBM Rational Clearcase

The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

9.4
2015-04-08 CVE-2015-2828 Broadcom Permissions, Privileges, and Access Controls vulnerability in Broadcom Spectrum 9.2/9.3

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.

9.0

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-04-10 CVE-2015-2247 Boosted Unspecified vulnerability in Boosted Boards

Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal.

8.3
2015-04-11 CVE-2015-0678 Cisco Improper Input Validation vulnerability in Cisco products

The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.

7.8
2015-04-08 CVE-2015-0202 Apache
Opensuse
Resource Management Errors vulnerability in multiple products

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.

7.8
2015-04-10 CVE-2015-1149 Apple Numeric Errors vulnerability in Apple Xcode

Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion.

7.5
2015-04-10 CVE-2015-1103 Apple Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.

7.5
2015-04-08 CVE-2015-2782 Debian
Fedoraproject
ARJ Software
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

7.5
2015-04-08 CVE-2015-1317 Canonical
Oxide Project

Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.

7.5
2015-04-08 CVE-2015-1472 Canonical
GNU
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.

7.5
2015-04-06 CVE-2015-2824 Simple ADS Manager Project SQL Injection vulnerability in Simple ADS Manager Project Simple ADS Manager 2.5.94/2.5.96

Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.

7.5
2015-04-06 CVE-2015-0877 C Board Moyuku Project Remote Code Execution vulnerability in C-Board Moyuku Project C-Board Moyuku 1.01/1.02/1.03

Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name.

7.5
2015-04-06 CVE-2015-0119 IBM Improper Access Control vulnerability in IBM Tivoli Storage Manager Fastback

FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port.

7.5
2015-04-11 CVE-2015-0692 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco web Security Appliance 8.5Base

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230.

7.2
2015-04-10 CVE-2015-3003 Juniper Permissions, Privileges, and Access Controls vulnerability in Juniper Junos

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments.

7.2
2015-04-10 CVE-2015-1144 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.

7.2
2015-04-10 CVE-2015-1143 Apple Multiple Security vulnerability in Apple Mac OS X Prior to 10.10.3

LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.

7.2
2015-04-10 CVE-2015-1140 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.

7.2
2015-04-10 CVE-2015-1137 Apple Multiple Security vulnerability in Apple Mac OS X Prior to 10.10.3

The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.

7.2
2015-04-10 CVE-2015-1135 Apple Improper Input Validation vulnerability in Apple mac OS X

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.

7.2
2015-04-10 CVE-2015-1134 Apple Improper Input Validation vulnerability in Apple mac OS X

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.

7.2
2015-04-10 CVE-2015-1133 Apple Improper Input Validation vulnerability in Apple mac OS X

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.

7.2
2015-04-10 CVE-2015-1131 Apple Improper Input Validation vulnerability in Apple mac OS X

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.

7.2
2015-04-10 CVE-2015-1130 Apple 7PK - Security Features vulnerability in Apple mac OS X

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

7.2
2015-04-10 CVE-2015-1095 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

7.2
2015-04-06 CVE-2015-0179 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Domino

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.

7.2
2015-04-10 CVE-2015-1102 Apple Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.

7.1

68 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-04-10 CVE-2015-3002 Juniper Code vulnerability in Juniper Junos

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device.

6.9
2015-04-10 CVE-2015-1117 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Tvos

The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.

6.9
2015-04-10 CVE-2015-1101 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

6.9
2015-04-10 CVE-2015-1086 Apple Improper Input Validation vulnerability in Apple Iphone OS and Tvos

The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

6.9
2015-04-10 CVE-2015-2295 Netgate Cross-Site Request Forgery (CSRF) vulnerability in Netgate Pfsense

Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.

6.8
2015-04-10 CVE-2015-1139 Apple Improper Input Validation vulnerability in Apple mac OS X

ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.

6.8
2015-04-10 CVE-2015-1136 Apple Multiple Security vulnerability in Apple Mac OS X Prior to 10.10.3

Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex.

6.8
2015-04-10 CVE-2015-1124 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

6.8
2015-04-10 CVE-2015-1123 Apple Memory Corruption vulnerability in Apple Iphone OS and Tvos

WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.

6.8
2015-04-10 CVE-2015-1122 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

6.8
2015-04-10 CVE-2015-1121 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

6.8
2015-04-10 CVE-2015-1120 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

6.8
2015-04-10 CVE-2015-1119 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

6.8
2015-04-10 CVE-2015-1098 Apple Buffer Errors vulnerability in Apple Iphone OS and mac OS X

iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.

6.8
2015-04-10 CVE-2015-1093 Apple Multiple Security vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

6.8
2015-04-10 CVE-2015-1088 Apple Improper Input Validation vulnerability in Apple Iphone OS and mac OS X

CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

6.8
2015-04-08 CVE-2015-2823 Siemens Improper Authentication vulnerability in Siemens Wincc

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.

6.8
2015-04-08 CVE-2015-0905 Bblog Project Cross-Site Request Forgery (CSRF) vulnerability in Bblog Project Bblog

Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users.

6.8
2015-04-06 CVE-2015-1601 Siemens 7PK - Security Features vulnerability in Siemens Simatic Step 7 12/13/5.5

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.

6.8
2015-04-06 CVE-2015-1893 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Datapower Xc10 Appliance Firmware 2.1.0.0/2.1.0.1/2.1.0.2

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors.

6.8
2015-04-08 CVE-2015-1473 Canonical
GNU
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.

6.4
2015-04-08 CVE-2015-0557 ARJ Software
Fedoraproject
Path Traversal vulnerability in multiple products

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

5.8
2015-04-08 CVE-2015-0556 ARJ Software
Fedoraproject
Link Following vulnerability in multiple products

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.

5.8
2015-04-06 CVE-2015-2167 Ericsson Unspecified vulnerability in Ericsson Drutt Mobile Service Delivery Platform 4.0/5.0/6.0

Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp.

5.8
2015-04-08 CVE-2015-3028 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14

McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters.

5.5
2015-04-10 CVE-2015-1100 Apple Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.

5.4
2015-04-11 CVE-2015-0694 Cisco Improper Access Control vulnerability in Cisco products

Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.

5.0
2015-04-10 CVE-2015-3027 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Xcode

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program.

5.0
2015-04-10 CVE-2015-2779 Quassel IRC Resource Management Errors vulnerability in Quassel-Irc Quassel

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted message.

5.0
2015-04-10 CVE-2015-2778 Quassel IRC Resource Management Errors vulnerability in Quassel-Irc Quassel

Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.

5.0
2015-04-10 CVE-2015-1148 Apple Information Exposure vulnerability in Apple mac OS X

Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.

5.0
2015-04-10 CVE-2015-1147 Apple Information Exposure vulnerability in Apple mac OS X

Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2015-04-10 CVE-2015-1128 Apple Information Exposure vulnerability in Apple Safari

The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.

5.0
2015-04-10 CVE-2015-1118 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos

libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.

5.0
2015-04-10 CVE-2015-1112 Apple Information Exposure vulnerability in Apple Iphone OS and Safari

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.

5.0
2015-04-10 CVE-2015-1111 Apple Information Exposure vulnerability in Apple Iphone OS

Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.

5.0
2015-04-10 CVE-2015-1110 Apple Information Exposure vulnerability in Apple Iphone OS and Tvos

The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.

5.0
2015-04-10 CVE-2015-1105 Apple Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos

The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

5.0
2015-04-10 CVE-2015-1104 Apple Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.

5.0
2015-04-10 CVE-2015-1092 Apple Information Disclosure vulnerability in Apple Iphone OS and Tvos

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2015-04-10 CVE-2015-1090 Apple Information Exposure vulnerability in Apple Iphone OS

CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.

5.0
2015-04-10 CVE-2015-1089 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.0
2015-04-08 CVE-2015-0248 Apache
Opensuse
Apple
Redhat
Oracle
Resource Management Errors vulnerability in multiple products

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

5.0
2015-04-08 CVE-2015-0798 Oracle
Mozilla
Google
Permissions, Privileges, and Access Controls vulnerability in multiple products

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.

5.0
2015-04-06 CVE-2015-2166 Ericsson Path Traversal vulnerability in Ericsson Drutt Mobile Service Delivery Platform 4.0/5.0/6.0

Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.

5.0
2015-04-10 CVE-2015-1141 Apple Multiple Security vulnerability in Apple Mac OS X Prior to 10.10.3

The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.

4.9
2015-04-10 CVE-2015-1138 Apple Improper Input Validation vulnerability in Apple mac OS X

Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.

4.9
2015-04-10 CVE-2015-1115 Apple Improper Access Control vulnerability in Apple Iphone OS

The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.

4.4
2015-04-10 CVE-2015-3008 Digium Cryptographic Issues vulnerability in Digium Asterisk and Certified Asterisk

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

4.3
2015-04-10 CVE-2015-3005 Juniper Cross-Site Scripting vulnerability in Juniper Junos

Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-04-10 CVE-2015-3004 Juniper Improper Input Validation vulnerability in Juniper Junos

J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, and 14.2 before 14.2R1 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.

4.3
2015-04-10 CVE-2015-1129 Apple Cryptographic Issues vulnerability in Apple Iphone OS and Safari

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.

4.3
2015-04-10 CVE-2015-1126 Apple Improper Input Validation vulnerability in Apple Iphone OS and Safari

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

4.3
2015-04-10 CVE-2015-1125 Apple Code vulnerability in Apple Iphone OS

The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.

4.3
2015-04-10 CVE-2015-1091 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

4.3
2015-04-10 CVE-2013-7436 Kanaka Cryptographic Issues vulnerability in Kanaka Novnc 0.4

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

4.3
2015-04-08 CVE-2015-2822 Siemens Improper Input Validation vulnerability in Siemens Wincc 5.0/7.0/7.1

Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.

4.3
2015-04-08 CVE-2015-1799 NTP Code vulnerability in NTP

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.

4.3
2015-04-08 CVE-2015-0799 Canonical, Opensuse, Mozilla Improper Input Validation vulnerability in multiple products

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.

4.3
2015-04-08 CVE-2015-1773 Apache Cross-Site Scripting vulnerability in Apache Flex 4.14.0

Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component.

4.3
2015-04-07 CVE-2015-0876 Saurus Cross-Site Scripting vulnerability in Saurus CMS 4.7.0

Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-04-07 CVE-2015-0690 Cisco Cross-Site Scripting vulnerability in Cisco Wireless LAN Controller Software

Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.

4.3
2015-04-06 CVE-2015-2165 Ericsson Cross-Site Scripting vulnerability in Ericsson Drutt Mobile Service Delivery Platform 4.0/5.0/6.0

Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17) fromTime, (18) toTime, (19) sortDirection, (20) kword, (21) uname, (22) pname, (23) sname, (24) file, (25) atype, or (26) atitle parameter to (c) top-useragent-devices.jsp or (d) top-interest-areas.jsp; (27) fromDate, (28) toDate, (29) fromTime, (30) toTime, (31) sortDirection, (32) kword, (33) uname, (34) pname, (35) sname, (36) file, (37) atype, or (38) atitle parameter to top-message-services.jsp; (39) portal, (40) fromDate, (41) toDate, (42) fromTime, (43) toTime, (44) orderBy, (45) sortDirection, (46) kword, (47) uname, (48) pname, (49) sname, (50) file, (51) atype, or (52) atitle parameter to (e) user-statistics.jsp, (f) top-web-pages.jsp, (g) top-devices.jsp, (h) top-pages.jsp, (i) session-summary.jsp, (j) top-providers.jsp, (k) top-modules.jsp, or (l) top-services.jsp; (53) fromDate, (54) toDate, (55) fromTime, (56) toTime, (57) orderBy, (58) sortDirection, (59) uid, (60) uid2, (61) kword, (62) uname, (63) pname, (64) sname, (65) file, (66) atype, or (67) atitle parameter to message-shortcode-summary.jsp; (68) fromDate, (69) toDate, (70) fromTime, (71) toTime, (72) orderBy, (73) sortDirection, (74) uid, (75) kword, (76) uname, (77) pname, (78) sname, (79) file, (80) atype, or (81) atitle parameter to (m) message-providers-summary.jsp or (n) message-services-summary.jsp; (82) kword, (83) uname, (84) pname, (85) sname, (86) file, (87) atype, or (88) atitle parameter to license-summary.jsp; (89) portal, (90) fromDate, (91) toDate, (92) fromTime, (93) toTime, (94) orderBy, (95) sortDirection, (96) uid, (97) uid2, (98) kword, (99) uname, (100) pname, (101) sname, (102) file, (103) atype, or (104) atitle parameter to useragent-device-summary.jsp; (105) fromDate, (106) toDate, (107) fromTime, (108) toTime, (109) orderBy, (110) sortDirection, (111) kword, (112) uname, (113) pname, (114) sname, (115) file, (116) atype, or (117) atitle parameter to (o) top-message-providers.jsp, (p) top-message-devices.jsp, (q) top-message-assets.jsp, (r) top-message-downloads.jsp, or (s) top-message-shortcode.jsp; (118) fromDate, (119) toDate, (120) fromTime, (121) toTime, (122) kword, (123) uname, (124) pname, (125) sname, (126) file, (127) atype, or (128) atitle parameter to request-summary.jsp; (129) portal parameter to link-summary-select.jsp, (130) provider-summary-select.jsp, or (131) module-summary-select.jsp; (132) portal, (133) uid, (134) kword, (135) uname, (136) pname, (137) sname, (138) file, (139) atype, or (140) atitle parameter to link-summary.jsp; (141) portal, (142) fromDate, (143) toDate, (144) fromTime, (145) toTime, (146) orderBy, (147) sortDirection, (148) uid, (149) kword, (150) uname, (151) pname, (152) sname, (153) file, (154) atype, or (155) atitle parameter to (t) provider-summary.jsp or (u) module-summary.jsp in reports/pages/.

4.3
2015-04-06 CVE-2015-1843 Redhat Improper Input Validation vulnerability in Redhat Docker 1.5.027

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.

4.3
2015-04-10 CVE-2015-1099 Apple Race Condition vulnerability in Apple Iphone OS, mac OS X and Tvos

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

4.0
2015-04-08 CVE-2015-3030 Mcafee Information Exposure vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14

The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors.

4.0
2015-04-08 CVE-2015-3029 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14

The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2015-04-08 CVE-2015-0251 Apache, Opensuse, Redhat, Oracle, Apple Insufficient Verification of Data Authenticity vulnerability in multiple products

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences.

4.0

21 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-04-08 CVE-2015-2827 Broadcom Cross-Site Scripting vulnerability in Broadcom Spectrum 9.2/9.3

Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2015-04-06 CVE-2015-1890 IBM Information Exposure vulnerability in IBM General Parallel File System 4.1

/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

3.5
2015-04-10 CVE-2015-1415 Freebsd Information Exposure vulnerability in Freebsd

The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.

2.1
2015-04-10 CVE-2015-1142 Apple Improper Input Validation vulnerability in Apple mac OS X

LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.

2.1
2015-04-10 CVE-2015-1127 Apple Information Exposure vulnerability in Apple Safari

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.

2.1
2015-04-10 CVE-2015-1116 Apple Information Exposure vulnerability in Apple Iphone OS

The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.

2.1
2015-04-10 CVE-2015-1109 Apple Information Exposure vulnerability in Apple Iphone OS

NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.

2.1
2015-04-10 CVE-2015-1108 Apple Information Exposure vulnerability in Apple Iphone OS

The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

2.1
2015-04-10 CVE-2015-1106 Apple Information Exposure vulnerability in Apple Iphone OS

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.

2.1
2015-04-10 CVE-2015-1087 Apple Path Traversal vulnerability in Apple Iphone OS

Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.

2.1
2015-04-06 CVE-2015-1602 Siemens Information Exposure vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.

2.1
2015-04-10 CVE-2015-1146 Apple Cryptographic Issues vulnerability in Apple mac OS X

The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.

1.9
2015-04-10 CVE-2015-1145 Apple Cryptographic Issues vulnerability in Apple mac OS X

The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.

1.9
2015-04-10 CVE-2015-1114 Apple Information Exposure vulnerability in Apple Iphone OS and Tvos

The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.

1.9
2015-04-10 CVE-2015-1113 Apple Information Exposure vulnerability in Apple Iphone OS

The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.

1.9
2015-04-10 CVE-2015-1107 Apple Multiple Security vulnerability in Apple iOS APPLE-SA-2015-04-08-3

The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

1.9
2015-04-10 CVE-2015-1097 Apple Information Exposure vulnerability in Apple Iphone OS and Tvos

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9
2015-04-10 CVE-2015-1096 Apple Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9
2015-04-10 CVE-2015-1094 Apple Information Exposure vulnerability in Apple Iphone OS and Tvos

IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9
2015-04-10 CVE-2015-1085 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.

1.9
2015-04-08 CVE-2015-1798 NTP Code vulnerability in NTP

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.

1.8