Vulnerability Summary for the Week of May 04, 2015

Released
May 11, 2015
Document ID
SB15-131

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
alienvault -- unified_security_managementThe Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).2015-05-019.3CVE-2015-3446
CONFIRM
MISC
cisco -- unified_computing_system_central_softwareCisco UCS Central Software 1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.2015-05-0610.0CVE-2015-0701
CISCO
emc -- autostartftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets.2015-05-069.3CVE-2015-0538
CERT-VN
BUGTRAQ
google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2015-05-017.5CVE-2015-1250
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
realtek -- realtek_sdkThe miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.2015-05-0110.0CVE-2014-8361
MISC
CONFIRM
samsung -- samsung_security_managerSamsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.2015-05-0110.0CVE-2015-3435
MISC
MISC

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apple -- safariWebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.2015-05-076.8CVE-2015-1152
CONFIRM
APPLE
apple -- safariWebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.2015-05-076.8CVE-2015-1153
CONFIRM
APPLE
apple -- safariWebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.2015-05-076.8CVE-2015-1154
CONFIRM
APPLE
apple -- safariThe history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.2015-05-074.3CVE-2015-1155
CONFIRM
APPLE
apple -- safariThe page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.2015-05-074.3CVE-2015-1156
CONFIRM
APPLE
cisco -- finesseMultiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.2015-05-024.3CVE-2015-0714
CISCO
cisco -- unity_connectionSQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.2015-05-066.5CVE-2015-0715
CISCO
cisco -- unity_connectionCross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.2015-05-066.8CVE-2015-0716
CISCO
dell -- sonicwall_secure_remote_access_firmwareCross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.2015-05-016.8CVE-2015-2248
CONFIRM
MISC
elasticsearch -- elasticsearchDirectory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.2015-05-014.3CVE-2015-3337
CONFIRM
BUGTRAQ
DEBIAN
emc -- sourceone_email_managementEMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.2015-05-065.0CVE-2015-0531
BUGTRAQ
foxitsoftware -- enterprise_readerFoxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.2015-05-014.3CVE-2015-3632
EXPLOIT-DB
CONFIRM
MISC
MISC
foxitsoftware -- enterprise_readerFoxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.2015-05-015.0CVE-2015-3633
CONFIRM
haxx -- curlThe default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.2015-05-015.0CVE-2015-3153
UBUNTU
DEBIAN
CONFIRM
ibm -- db2IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.2015-05-074.0CVE-2014-0919
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- rational_license_key_serverThe Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors.2015-05-074.0CVE-2015-1907
CONFIRM
python -- pillowThe Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.2015-05-015.0CVE-2014-3598
CONFIRM
SUSE
redhat -- enterprise_virtualization_managerRed Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.2015-05-016.8CVE-2015-0237
REDHAT
siemens -- homecontrol_for_room_automationThe Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate.2015-05-075.4CVE-2015-3610
CONFIRM

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
kozos -- easyctfCross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2015-05-013.5CVE-2015-0913
JVNDB
JVN
CONFIRM
redhat -- enterprise_virtualization_managerRed Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.2015-05-012.1CVE-2015-0257
REDHAT

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.