Weekly Vulnerabilities Reports > November 23 to 29, 2015
Overview
41 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary report vulnerabilities in 58 products from 21 vendors including Redhat, Jenkins, Nvidia, Microsoft, and CSL Dualcom. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Information Exposure", "Improper Access Control", "Improper Input Validation", and "Resource Management Errors".
- 32 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities have public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 33 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 14 reported vulnerabilities.
- Siemens has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2015-11-24 | CVE-2015-5053 | Nvidia | Improper Access Control vulnerability in Nvidia GPU Driver The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call. | 10.0 |
| 2015-11-25 | CVE-2015-8103 | Redhat Jenkins | Deserialization of Untrusted Data vulnerability in multiple products The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". | 9.8 |
| 2015-11-27 | CVE-2015-8214 | Siemens | Permissions, Privileges, and Access Controls vulnerability in Siemens products Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102. | 9.7 |
12 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2015-11-27 | CVE-2015-6848 | EMC | Improper Access Control vulnerability in EMC Isilon Onefs EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors. | 8.5 |
| 2015-11-24 | CVE-2015-8227 | Huawei | Improper Input Validation vulnerability in Huawei VP 9660 Firmware V200R001C01/V200R001C02 The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message. | 8.5 |
| 2015-11-24 | CVE-2015-8330 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Plant Connectivity The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. | 7.8 |
| 2015-11-24 | CVE-2015-6377 | Cisco | Resource Management Errors vulnerability in Cisco Virtual Topology System 2.0(0)/2.0(1) Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bug ID CSCux13379. | 7.8 |
| 2015-11-24 | CVE-2015-7865 | Nvidia Microsoft | Improper Access Control vulnerability in Nvidia GPU Driver nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784. | 7.7 |
| 2015-11-25 | CVE-2015-5325 | Redhat Jenkins | Improper Access Control vulnerability in multiple products Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. | 7.5 |
| 2015-11-25 | CVE-2015-7287 | CSL Dualcom | Credentials Management vulnerability in CSL Dualcom Gprs Cs2300-R Firmware 1.25/3.53 CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message. | 7.5 |
| 2015-11-24 | CVE-2015-7808 | Vbulletin | Improper Input Validation vulnerability in Vbulletin The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. | 7.5 |
| 2015-11-26 | CVE-2015-6857 | HP | Local Code Execution vulnerability in HP Loadrunner and Performance Center Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. | 7.2 |
| 2015-11-24 | CVE-2015-7985 | Valvesoftware | Incorrect Default Permissions vulnerability in Valvesoftware Steam Client 2.10.91.91 Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | 7.2 |
| 2015-11-24 | CVE-2015-7866 | Nvidia Microsoft | Unspecified vulnerability in Nvidia GPU Driver Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe. | 7.2 |
| 2015-11-24 | CVE-2015-7496 | Fedoraproject Gnome | Permissions, Privileges, and Access Controls vulnerability in multiple products GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. | 7.2 |
25 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2015-11-25 | CVE-2015-5318 | Jenkins Redhat | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. | 6.8 |
| 2015-11-23 | CVE-2015-5451 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Operations Orchestration Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2015-11-24 | CVE-2015-8328 | Nvidia Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors. | 6.6 |
| 2015-11-24 | CVE-2015-7869 | Canonical Nvidia Linux Microsoft | Numeric Errors vulnerability in multiple products Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. | 6.6 |
| 2015-11-25 | CVE-2015-5323 | Redhat Jenkins | Permissions, Privileges, and Access Controls vulnerability in multiple products Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. | 6.5 |
| 2015-11-24 | CVE-2015-6380 | Cisco | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. | 6.5 |
| 2015-11-25 | CVE-2015-7286 | CSL Dualcom | Cryptographic Issues vulnerability in CSL Dualcom Gprs Cs2300-R Firmware 1.25/3.53 CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic. | 6.4 |
| 2015-11-25 | CVE-2015-5242 | Redhat | Code Injection vulnerability in Redhat Gluster Storage 3.1 OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs). | 6.0 |
| 2015-11-25 | CVE-2015-7285 | CSL Dualcom | Improper Authentication vulnerability in CSL Dualcom Gprs Cs2300-R Firmware 1.25/3.53 CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response. | 5.8 |
| 2015-11-26 | CVE-2015-6382 | Cisco | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 16.0(900) Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. | 5.0 |
| 2015-11-25 | CVE-2015-5324 | Jenkins Redhat | Permissions, Privileges, and Access Controls vulnerability in multiple products Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. | 5.0 |
| 2015-11-25 | CVE-2015-5322 | Redhat Jenkins | Path Traversal vulnerability in multiple products Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. | 5.0 |
| 2015-11-25 | CVE-2015-5321 | Redhat Jenkins | Information Exposure vulnerability in multiple products The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages. | 5.0 |
| 2015-11-25 | CVE-2015-5320 | Redhat Jenkins | Information Exposure vulnerability in multiple products Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. | 5.0 |
| 2015-11-25 | CVE-2015-5319 | Redhat Jenkins | XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. | 5.0 |
| 2015-11-25 | CVE-2015-5317 | Jenkins Redhat | Information Exposure vulnerability in Jenkins The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. | 5.0 |
| 2015-11-24 | CVE-2015-8329 | SAP | Cryptographic Issues vulnerability in SAP Manufacturing Integration and Intelligence 12.2/14.0/15.0 SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274. | 5.0 |
| 2015-11-24 | CVE-2015-7981 | Canonical Debian Redhat Libpng | Information Exposure vulnerability in multiple products The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. | 5.0 |
| 2015-11-23 | CVE-2015-8320 | Apache | Weak Randomization Security Bypass vulnerability in Apache Cordova For Android Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value. | 5.0 |
| 2015-11-24 | CVE-2015-0856 | Fedoraproject Sddm Project | Permissions, Privileges, and Access Controls vulnerability in multiple products daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. | 4.6 |
| 2015-11-25 | CVE-2015-5326 | Jenkins Redhat | Cross-site Scripting vulnerability in Jenkins Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. | 4.3 |
| 2015-11-25 | CVE-2015-7288 | CSL Dualcom | 7PK - Security Features vulnerability in CSL Dualcom Gprs Cs2300-R Firmware 1.25/3.53 CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command. | 4.3 |
| 2015-11-23 | CVE-2015-5256 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Cordova Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI. | 4.3 |
| 2015-11-24 | CVE-2015-8229 | Huawei | Improper Input Validation vulnerability in Huawei Espace Firmware Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered device. | 4.0 |
| 2015-11-24 | CVE-2015-8228 | Huawei | Path Traversal vulnerability in Huawei AR Firmware Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. | 4.0 |
1 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2015-11-24 | CVE-2015-5281 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 7.0 The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu. | 2.6 |