Weekly Vulnerabilities Reports > December 21 to 27, 2015

Overview

53 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary report vulnerabilities in 88 products from 33 vendors including IBM, Ewon, Adcon, Ffmpeg, and RSI Video Technologies. Vulnerabilities are notably categorized as "Information Exposure", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".

  • 50 reported vulnerabilities are remotely exploitables.
  • 13 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 49 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-24 CVE-2015-6792 Google Remote Code Execution vulnerability in Google Chrome Prior to 47.0.2526.106

The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.

10.0
2015-12-24 CVE-2015-7930 Adcon Multiple Security vulnerability in Adcon Telemetry A840 Telemetry Gateway ICSA-15-349-01

Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.

10.0
2015-12-23 CVE-2015-7911 Saia Burgess Controls Credentials Management vulnerability in Saia Burgess Controls products

Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session.

10.0
2015-12-21 CVE-2015-7937 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric products

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.

10.0
2015-12-21 CVE-2015-7906 Loytec Credentials Management vulnerability in Loytec L-Switch and L-Ip Firmware 6.0.1

LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors.

10.0
2015-12-21 CVE-2015-7908 Honeywell Information Exposure vulnerability in Honeywell Midas Black Firmware and Midas Firmware

Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.

9.3
2015-12-21 CVE-2015-4545 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs

EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.

9.0

14 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-27 CVE-2015-6538 Ephiphanyheathdata Unspecified vulnerability in Ephiphanyheathdata Cardio Server 3.3/4.0/4.1

The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.

7.5
2015-12-27 CVE-2015-6537 Epiphanyhealthdata SQL Injection vulnerability in Epiphanyhealthdata Cardio Server 3.3

SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL.

7.5
2015-12-24 CVE-2015-8664 Google Numeric Errors vulnerability in Google Chrome

Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.

7.5
2015-12-24 CVE-2015-8663 Ffmpeg Buffer Errors vulnerability in Ffmpeg 2.8.3

The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.

7.5
2015-12-24 CVE-2015-8662 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

7.5
2015-12-24 CVE-2015-8661 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.

7.5
2015-12-24 CVE-2015-8267 Dovestones Permissions, Privileges, and Access Controls vulnerability in Dovestones AD Self Password Reset 3.0.3.0

The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.

7.5
2015-12-23 CVE-2015-7924 Ewon Multiple Security vulnerability in Ewon Firmware 10.0S0

eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

7.5
2015-12-21 CVE-2015-6481 Moxa Unspecified vulnerability in Moxa Oncell Central Manager 2.0

The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session.

7.5
2015-12-21 CVE-2015-6480 Moxa Improper Authentication vulnerability in Moxa Oncell Central Manager 2.0

The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action.

7.5
2015-12-21 CVE-2015-1836 IBM
Apache
Improper Access Control vulnerability in multiple products

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

7.5
2015-12-21 CVE-2015-6934 Vmware Improper Input Validation vulnerability in VMWare Vcenter Orchestrator and Vrealize Orchestrator

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

7.5
2015-12-23 CVE-2015-6851 RSA Improper Access Control vulnerability in RSA Securid web Agent

EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.

7.2
2015-12-22 CVE-2015-8373 ISC Improper Input Validation vulnerability in ISC KEA 0.9.2/1.0.0

The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.

7.1

31 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-23 CVE-2015-7917 Opcsystems DLL Loading Local Privilege Escalation vulnerability in Opcsystems OPC Systems.Net 8.00.0023

Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

6.9
2015-12-23 CVE-2015-7925 Ewon Cross-Site Request Forgery (CSRF) vulnerability in Ewon Firmware 10.0S0

Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.

6.8
2015-12-23 CVE-2015-7936 Motorola Cross-Site Request Forgery (CSRF) vulnerability in Motorola Moscad IP Gateway Firmware

Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password.

6.8
2015-12-21 CVE-2015-8458 Adobe
Apple
Microsoft
Out-Of-Bounds Write vulnerability in Adobe products

Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF document, a different vulnerability than CVE-2015-6696 and CVE-2015-6698.

6.8
2015-12-21 CVE-2015-5001 IBM Resource Management Errors vulnerability in IBM Websphere Portal

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document.

6.8
2015-12-27 CVE-2015-6004 Ipswitch SQL Injection vulnerability in Ipswitch Whatsup Gold

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.

6.5
2015-12-21 CVE-2015-7919 Searchblox Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0

SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.

6.4
2015-12-21 CVE-2015-7907 Honeywell Path Traversal vulnerability in Honeywell Midas Black Firmware and Midas Firmware

Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.

6.4
2015-12-23 CVE-2015-6431 Cisco Resource Management Errors vulnerability in Cisco IOS XE 16.1.1

Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

6.1
2015-12-24 CVE-2015-7931 Adcon Improper Input Validation vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support.

5.8
2015-12-27 CVE-2015-7665 Tails Project Information Exposure vulnerability in Tails Project Tails 1.6

Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command.

5.0
2015-12-27 CVE-2015-8263 Netgear Security Bypass vulnerability in Netgear G54/N150 WNR1000v3 Router

NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.

5.0
2015-12-27 CVE-2015-8262 Buffalotech Security Bypass vulnerability in Buffalotech products

Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.

5.0
2015-12-26 CVE-2015-8669 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5.0
2015-12-24 CVE-2015-7934 Adcon Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.

5.0
2015-12-24 CVE-2015-7932 Adcon Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware

Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2015-12-23 CVE-2015-7929 Ewon Information Exposure vulnerability in Ewon Firmware 10.0S0

eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

5.0
2015-12-23 CVE-2015-7928 Ewon Information Exposure vulnerability in Ewon Firmware 10.0S0

eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

5.0
2015-12-23 CVE-2015-7926 Ewon Information Exposure vulnerability in Ewon Firmware 10.0S0

eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.

5.0
2015-12-23 CVE-2015-7935 Motorola Information Exposure vulnerability in Motorola Moscad IP Gateway Firmware

Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2015-12-27 CVE-2015-7783 LET S PHP Cross-Site Scripting vulnerability in Let'S PHP! Pbbs 4.05

Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-12-27 CVE-2015-8254 RSI Video Technologies Insufficient Verification of Data Authenticity vulnerability in RSI Video Technologies Frontel Protocol 2.0

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream.

4.3
2015-12-27 CVE-2015-8253 RSI Video Technologies Information Exposure vulnerability in RSI Video Technologies Frontel Protocol 2.0

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network.

4.3
2015-12-27 CVE-2015-8252 RSI Video Technologies Information Exposure vulnerability in RSI Video Technologies Frontel Protocol 2.0

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number.

4.3
2015-12-26 CVE-2015-6409 Cisco Information Exposure vulnerability in Cisco Jabber 10.6(2)

Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.

4.3
2015-12-23 CVE-2015-7927 Ewon Cross-Site Scripting vulnerability in Ewon Firmware 10.0S0

Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-12-23 CVE-2015-6471 Eaton Information Exposure vulnerability in Eaton Proview

Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data.

4.3
2015-12-21 CVE-2015-7413 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-12-21 CVE-2015-4998 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993.

4.3
2015-12-21 CVE-2015-4993 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998.

4.3
2015-12-21 CVE-2015-1772 IBM
Apache
Improper Authentication vulnerability in multiple products

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-27 CVE-2015-6005 Ipswitch Cross-Site Scripting vulnerability in Ipswitch Whatsup Gold

Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.

3.5