Weekly Vulnerabilities Reports > July 20 to 26, 2015
Overview
48 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 82 products from 27 vendors, including IBM, Cisco, Opensuse, Rubyonrails, and Microsoft. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Improper Input Validation", "Improper Access Control", and "Resource Management Errors".
- 44 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 14 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 30 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 14 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-07-24 | CVE-2015-4262 | Cisco | Credentials Management vulnerability in Cisco Unified Meetingplace web Conferencing: The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. | 10.0 |
2015-07-20 | CVE-2015-5124 | Adobe Apple Microsoft Opensuse Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431. | 10.0 |
2015-07-23 | CVE-2015-1276 | Google Debian Redhat Opensuse | Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation. | 9.8 |
2015-07-20 | CVE-2015-2426 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products: Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability." | 9.3 |
2015-07-20 | CVE-2014-9196 | Eaton | 7PK - Security Features vulnerability in Eaton Proview: Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | 9.3 |
2015-07-24 | CVE-2015-4235 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products: Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991. | 9.0 |
7 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-07-21 | CVE-2015-5611 | FCA | Remote Privilege Escalation vulnerability in FCA Uconnect 15.26.1: Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient "Radio security protection," as demonstrated on a 2014 Jeep Cherokee Limited FWD. | 8.3 |
2015-07-20 | CVE-2015-1935 | IBM | Code vulnerability in IBM DB2: The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. | 8.0 |
2015-07-23 | CVE-2015-4527 | EMC | Information Exposure vulnerability in EMC Avamar Server and Avamar Server Virtual Edition: Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters. | 7.8 |
2015-07-21 | CVE-2015-4283 | Cisco | Resource Management Errors vulnerability in Cisco Videoscape Policy Resource Manager 3.5.4: Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCuu35104 and CSCuu35128. | 7.8 |
2015-07-21 | CVE-2015-4554 | Tibco | Multiple Unspecified vulnerability in Multiple TIBCO Products: Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire Web Player before 2.1.1 allow remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors. | 7.5 |
2015-07-20 | CVE-2015-4279 | Cisco | OS Command Injection vulnerability in Cisco Unified Computing System 2.2(3B): The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. | 7.2 |
2015-07-24 | CVE-2015-0681 | Cisco | Resource Management Errors vulnerability in Cisco IOS and IOS XE: The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG; 3.2.xSE before 3.3.0SE; 3.2.xXO before 3.3.0XO; 3.2.xSQ; 3.3.xSQ; and 3.4.xSQ allows remote attackers to cause a denial of service (device hang or reload) via multiple requests that trigger improper memory management, aka Bug ID CSCts66733. | 7.1 |
28 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-07-20 | CVE-2015-2418 | Microsoft | Race Condition vulnerability in Microsoft Malicious Software Removal Tool: Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability." | 6.9 |
2015-07-26 | CVE-2015-2848 | Honeywell | Cross-Site Request Forgery (CSRF) vulnerability in Honeywell Tuxedo Touch: Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. | 6.8 |
2015-07-22 | CVE-2015-4281 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server 2.5(1): Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | 6.8 |
2015-07-20 | CVE-2015-4111 | Blackberry | Improper Input Validation vulnerability in Blackberry Link: mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. | 6.8 |
2015-07-20 | CVE-2015-0157 | IBM | Improper Input Validation vulnerability in IBM DB2: IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement. | 6.8 |
2015-07-21 | CVE-2015-2134 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP System Management Homepage: Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
2015-07-26 | CVE-2015-3227 | Opensuse Rubyonrails | XML Parsing Remote Denial of Service vulnerability in Ruby on Rails activesupport: The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. | 5.0 |
2015-07-26 | CVE-2015-3225 | Rack Project Opensuse Debian | Data Processing Errors vulnerability in multiple products: lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. | 5.0 |
2015-07-26 | CVE-2015-1840 | Fedoraproject Rubyonrails Opensuse | Information Exposure vulnerability in multiple products: jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value. | 5.0 |
2015-07-26 | CVE-2015-2847 | Honeywell | Improper Access Control vulnerability in Honeywell Tuxedo Touch: Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | 5.0 |
2015-07-26 | CVE-2015-4945 | IBM | Information Exposure vulnerability in IBM Maximo Anywhere 7.5.1.0/7.5.1.1/7.5.1.2: Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application. | 5.0 |
2015-07-26 | CVE-2015-2975 | Research Artisan | Authentication Bypass vulnerability in Research Artisan Lite: Research Artisan Lite before 1.18 does not ensure that a user has authenticated, which allows remote attackers to perform unspecified actions via unknown vectors. | 5.0 |
2015-07-23 | CVE-2015-4285 | Cisco | Resource Management Errors vulnerability in Cisco IOS XR: The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273. | 5.0 |
2015-07-22 | CVE-2015-4284 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR 5.3.0: The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. | 5.0 |
2015-07-21 | CVE-2015-2869 | Ghisler | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ghisler Total Commander: The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file. | 5.0 |
2015-07-26 | CVE-2015-3226 | Rubyonrails | Cross-site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails: Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding. | 4.3 |
2015-07-26 | CVE-2015-3224 | Rubyonrails | Improper Access Control vulnerability in Rubyonrails web Console 2.1.2: request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. | 4.3 |
2015-07-25 | CVE-2015-2976 | Research Artisan | Cross-site Scripting vulnerability in Research-Artisan Research Artisan Lite: Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis. | 4.3 |
2015-07-24 | CVE-2015-2973 | Collne | Cross-site Scripting vulnerability in Collne Welcart: Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php. | 4.3 |
2015-07-22 | CVE-2014-0611 | Novell | Cross-site Scripting vulnerability in Novell Groupwise: Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-07-20 | CVE-2015-2863 | Kaseya | Open Redirection vulnerability in Kaseya Virtual System Administrator: Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.3 |
2015-07-21 | CVE-2015-1905 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager: The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors. | 4.0 |
2015-07-21 | CVE-2015-5610 | Solarwinds | Information Exposure vulnerability in Solarwinds N-Able N-Central: The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation. | 4.0 |
2015-07-20 | CVE-2015-2862 | Kaseya | Path Traversal vulnerability in Kaseya Virtual System Administrator: Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request. | 4.0 |
2015-07-20 | CVE-2015-1984 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Master Data Management: IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. | 4.0 |
2015-07-20 | CVE-2015-1982 | IBM | Information Exposure vulnerability in IBM Infosphere Master Data Management: IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. | 4.0 |
2015-07-20 | CVE-2015-1883 | IBM | Information Exposure vulnerability in IBM DB2: IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. | 4.0 |
2015-07-20 | CVE-2014-8910 | IBM | Injection vulnerability in IBM DB2: IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-07-21 | CVE-2015-1906 | IBM | Cross-site Scripting vulnerability in IBM Business Process Manager: Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-07-20 | CVE-2015-1980 | IBM | Improper Input Validation vulnerability in IBM Infosphere Master Data Management: IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | 3.5 |
2015-07-20 | CVE-2015-1979 | IBM | Cross-site Scripting vulnerability in IBM Case Manager 5.2.1/5.2.1.1: Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component. | 3.5 |
2015-07-20 | CVE-2015-1968 | IBM | Cross-site Scripting vulnerability in IBM Infosphere Master Data Management: Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-07-20 | CVE-2015-1922 | IBM | Improper Access Control vulnerability in IBM DB2: The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors. | 3.5 |
2015-07-20 | CVE-2015-0130 | IBM | Cross-site Scripting vulnerability in IBM products: Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-07-22 | CVE-2015-5464 | Gemalto | Improper Access Control vulnerability in Gemalto products: The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition. | 1.3 |