Weekly Vulnerabilities Reports > December 21 to 27, 2015
Overview
52 new vulnerabilities reported during this period, including 6 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 73 products from 30 vendors including IBM, Ewon, Adcon, Ffmpeg, and RSI Video Technologies. Vulnerabilities are notably categorized as "Information Exposure", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".
- 49 reported vulnerabilities are remotely exploitables.
- 13 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 48 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-12-24 | CVE-2015-7930 | Adcon | Multiple Security vulnerability in Adcon Telemetry A840 Telemetry Gateway ICSA-15-349-01 Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | 10.0 |
2015-12-23 | CVE-2015-7911 | Saia Burgess Controls | Credentials Management vulnerability in Saia Burgess Controls products Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. | 10.0 |
2015-12-21 | CVE-2015-7906 | Loytec | Credentials Management vulnerability in Loytec L-Switch and L-Ip Firmware 6.0.1 LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors. | 10.0 |
2015-12-24 | CVE-2015-6792 | Unspecified vulnerability in Google Chrome The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. | 9.8 | |
2015-12-21 | CVE-2015-7908 | Honeywell | Information Exposure vulnerability in Honeywell Midas Black Firmware and Midas Firmware Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. | 9.3 |
2015-12-21 | CVE-2015-4545 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session. | 9.0 |
15 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-12-24 | CVE-2015-8664 | Numeric Errors vulnerability in Google Chrome Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792. | 8.8 | |
2015-12-24 | CVE-2015-8663 | Ffmpeg | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg 2.8.3 The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. | 8.3 |
2015-12-24 | CVE-2015-8661 | Ffmpeg | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. | 8.3 |
2015-12-27 | CVE-2015-6538 | Ephiphanyheathdata | Unspecified vulnerability in Ephiphanyheathdata Cardio Server 3.3/4.0/4.1 The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. | 7.5 |
2015-12-27 | CVE-2015-6537 | Epiphanyhealthdata | SQL Injection vulnerability in Epiphanyhealthdata Cardio Server 3.3 SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | 7.5 |
2015-12-24 | CVE-2015-8267 | Dovestones | Permissions, Privileges, and Access Controls vulnerability in Dovestones AD Self Password Reset 3.0.3.0 The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username. | 7.5 |
2015-12-23 | CVE-2015-7924 | Ewon | Multiple Security vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 7.5 |
2015-12-21 | CVE-2015-6481 | Moxa | Unspecified vulnerability in Moxa Oncell Central Manager 2.0 The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session. | 7.5 |
2015-12-21 | CVE-2015-6480 | Moxa | Improper Authentication vulnerability in Moxa Oncell Central Manager 2.0 The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | 7.5 |
2015-12-21 | CVE-2015-6934 | Vmware | Improper Input Validation vulnerability in VMWare Vcenter Orchestrator and Vrealize Orchestrator Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 7.5 |
2015-12-24 | CVE-2015-8662 | Ffmpeg | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. | 7.3 |
2015-12-21 | CVE-2015-1836 | IBM Apache | Improper Access Control vulnerability in multiple products Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic. | 7.3 |
2015-12-21 | CVE-2015-1772 | IBM Apache | Improper Authentication vulnerability in multiple products The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request. | 7.3 |
2015-12-23 | CVE-2015-6851 | RSA | Improper Access Control vulnerability in RSA Securid web Agent EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector. | 7.2 |
2015-12-22 | CVE-2015-8373 | ISC | Improper Input Validation vulnerability in ISC KEA 0.9.2/1.0.0 The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet. | 7.1 |
31 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-12-27 | CVE-2015-6005 | Progress | Cross-site Scripting vulnerability in Progress Whatsup Gold Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | 6.9 |
2015-12-23 | CVE-2015-7917 | Opcsystems | DLL Loading Local Privilege Escalation vulnerability in Opcsystems OPC Systems.Net 8.00.0023 Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.9 |
2015-12-23 | CVE-2015-7925 | Ewon | Cross-Site Request Forgery (CSRF) vulnerability in Ewon Firmware 10.0S0 Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot. | 6.8 |
2015-12-23 | CVE-2015-7936 | Motorola | Cross-Site Request Forgery (CSRF) vulnerability in Motorola Moscad IP Gateway Firmware Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password. | 6.8 |
2015-12-21 | CVE-2015-8458 | Adobe | Out-of-bounds Write vulnerability in Adobe products Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF document, a different vulnerability than CVE-2015-6696 and CVE-2015-6698. | 6.8 |
2015-12-21 | CVE-2015-5001 | IBM | Resource Management Errors vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document. | 6.8 |
2015-12-27 | CVE-2015-6004 | Progress | SQL Injection vulnerability in Progress Whatsup Gold Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | 6.5 |
2015-12-21 | CVE-2015-7919 | Searchblox | Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0 SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | 6.4 |
2015-12-21 | CVE-2015-7907 | Honeywell | Path Traversal vulnerability in Honeywell Midas Black Firmware and Midas Firmware Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. | 6.4 |
2015-12-23 | CVE-2015-6431 | Cisco | Resource Management Errors vulnerability in Cisco IOS XE 16.1.1 Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. | 6.1 |
2015-12-24 | CVE-2015-7931 | Adcon | Improper Input Validation vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. | 5.8 |
2015-12-27 | CVE-2015-7665 | Tails Project | Information Exposure vulnerability in Tails Project Tails 1.6 Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. | 5.0 |
2015-12-27 | CVE-2015-8263 | Netgear | Security Bypass vulnerability in Netgear G54/N150 WNR1000v3 Router NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. | 5.0 |
2015-12-27 | CVE-2015-8262 | Buffalotech | Security Bypass vulnerability in Buffalotech products Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | 5.0 |
2015-12-26 | CVE-2015-8669 | Phpmyadmin | Information Exposure vulnerability in PHPmyadmin libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | 5.0 |
2015-12-24 | CVE-2015-7934 | Adcon | Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. | 5.0 |
2015-12-24 | CVE-2015-7932 | Adcon | Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2015-12-23 | CVE-2015-7929 | Ewon | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 5.0 |
2015-12-23 | CVE-2015-7928 | Ewon | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 5.0 |
2015-12-23 | CVE-2015-7926 | Ewon | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL. | 5.0 |
2015-12-23 | CVE-2015-7935 | Motorola | Information Exposure vulnerability in Motorola Moscad IP Gateway Firmware Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2015-12-27 | CVE-2015-7783 | LET S PHP | Cross-site Scripting vulnerability in Let'S PHP! Pbbs 4.05 Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-12-27 | CVE-2015-8254 | RSI Video Technologies | Insufficient Verification of Data Authenticity vulnerability in RSI Video Technologies Frontel Protocol 2.0 The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream. | 4.3 |
2015-12-27 | CVE-2015-8253 | RSI Video Technologies | Information Exposure vulnerability in RSI Video Technologies Frontel Protocol 2.0 The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network. | 4.3 |
2015-12-27 | CVE-2015-8252 | RSI Video Technologies | Information Exposure vulnerability in RSI Video Technologies Frontel Protocol 2.0 The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number. | 4.3 |
2015-12-26 | CVE-2015-6409 | Cisco | Information Exposure vulnerability in Cisco Jabber 10.6(2) Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419. | 4.3 |
2015-12-23 | CVE-2015-7927 | Ewon | Cross-site Scripting vulnerability in Ewon Firmware 10.0S0 Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-12-23 | CVE-2015-6471 | Eaton | Information Exposure vulnerability in Eaton Proview Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data. | 4.3 |
2015-12-21 | CVE-2015-7413 | IBM | Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-12-21 | CVE-2015-4998 | IBM | Cross-site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993. | 4.3 |
2015-12-21 | CVE-2015-4993 | IBM | Cross-site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998. | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|