Vulnerability Summary for the Week of August 3, 2015


SB15-222: Vulnerability Summary for the Week of August 3, 2015

Original release date: August 10, 2015 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

High Vulnerabilities

Primary Vendor -- Product

Description

Published

CVSS Score

Source & Patch Info

chiyutw -- bf-660c

Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618.

2015-07-31

7.5

CVE-2015-2871 CERT-VN

chiyutw -- bf-630

Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871.

2015-07-31

7.5

CVE-2015-5618 CERT-VN

cisco -- ios_xe

Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.

2015-07-31

7.8

CVE-2015-4291 CISCO

dell -- bios

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

2015-07-31

7.2

CVE-2015-2890 CONFIRM CERT-VN

garrettcom -- magnum_10k_firmware

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.

2015-08-03

7.2

CVE-2015-3959 MISC CONFIRM

gehealthcare -- entegra_p&r_firmware

GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2001-1594 MISC MISC CONFIRM

gehealthcare -- millennium_mg

GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors.

2015-08-04

10.0

CVE-2002-2445 MISC MISC CONFIRM CONFIRM

gehealthcare -- millennium_mg_firmware

GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

2015-08-04

10.0

CVE-2002-2446 MISC MISC CONFIRM CONFIRM

gehealthcare -- discovery_vh

GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.

2015-08-04

10.0

CVE-2003-1603 MISC MISC CONFIRM

gehealthcare -- centricity_image_vault_firmware

GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2004-2777 MISC MISC CONFIRM

gehealthcare -- infinia_ii_firmware

GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors.

2015-08-04

10.0

CVE-2006-7253 MISC MISC CONFIRM

gehealthcare -- centricity_dms_firmware

GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2007-6757 MISC MISC CONFIRM CONFIRM CONFIRM


gehealthcare -- discovery_530c_firmware

GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2009-5143 MISC MISC CONFIRM

gehealthcare -- optima_ct520_firmware

GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors.

2015-08-04

10.0

CVE-2010-5306 MISC MISC CONFIRM CONFIRM CONFIRM

gehealthcare -- optima_mr360_firmware

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2010-5307 MISC MISC CONFIRM

gehealthcare -- optima_mr360_firmware

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.

2015-08-04

10.0

CVE-2010-5308 MISC MISC CONFIRM

gehealthcare -- cadstream_server_firmware

GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors.

2015-08-04

10.0

CVE-2010-5309 MISC MISC CONFIRM

gehealthcare -- revolution_xq/i

The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2010-5310 MISC MISC CONFIRM

gehealthcare -- centricity_analytics_server

GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors.

2015-08-04

10.0

CVE-2011-5322 MISC MISC CONFIRM

gehealthcare -- centricity_pacs-iw

GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2011-5323 MISC MISC CONFIRM CONFIRM

gehealthcare -- centricity_pacs-iw

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2011-5324 MISC MISC CONFIRM CONFIRM

gehealthcare -- precision_mpi

GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2012-6660 MISC MISC CONFIRM

gehealthcare -- centricity_pacs_server

GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.

2015-08-04

10.0

CVE-2012-6693 MISC MISC CONFIRM CONFIRM

gehealthcare -- centricity_pacs_server

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.

2015-08-04

10.0

CVE-2012-6694 MISC MISC CONFIRM CONFIRM

gehealthcare -- centricity_pacs_workstation

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2012-6695 MISC MISC CONFIRM CONFIRM

gehealthcare -- discovery_nm_750b

GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2013-7404 MISC MISC CONFIRM

gehealthcare -- centricity_dms

The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2013-7405 MISC MISC CONFIRM

gehealthcare -- centricity_pacs_workstation

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.

2015-08-04

10.0

CVE-2013-7442 MISC MISC CONFIRM CONFIRM

gehealthcare -- discovery_xr656

GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

2015-08-04

10.0

CVE-2014-7232 MISC MISC CONFIRM CONFIRM

gehealthcare -- precision_thunis-800+

GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.

2015-08-04

10.0

CVE-2014-7233 MISC MISC CONFIRM

gehealthcare -- centricity_clinical_archive_audit_trail_repository

GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.

2015-08-04

10.0

CVE-2014-9736 MISC MISC CONFIRM

ibm -- websphere_mq_light

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data.

2015-08-03

7.8

CVE-2015-1955 CONFIRM

ibm -- websphere_mq_light

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987.

2015-08-03

7.8

CVE-2015-1956 CONFIRM

ibm -- websphere_mq_light

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987.

2015-08-03

7.8

CVE-2015-1958 CONFIRM

ibm -- websphere_mq_light

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958.

2015-08-03

7.8

CVE-2015-1987 CONFIRM

ibm -- tivoli_storage_manager_fastback

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4932, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.

2015-08-03

10.0

CVE-2015-4931 CONFIRM

ibm -- tivoli_storage_manager_fastback

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.

2015-08-03

10.0

CVE-2015-4932 CONFIRM

ibm -- tivoli_storage_manager_fastback

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CVE-2015-4935.

2015-08-03

10.0

CVE-2015-4933 CONFIRM

ibm -- tivoli_storage_manager_fastback

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935.

2015-08-03

10.0

CVE-2015-4934 CONFIRM


ibm -- tivoli_storage_manager_fastback

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4934.

2015-08-03

10.0

CVE-2015-4935 CONFIRM

openbsd -- openssh

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

2015-08-02

8.5

CVE-2015-5600 FULLDISC MLIST CONFIRM CONFIRM

symantec -- endpoint_protection_manager

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.

2015-07-31

7.5

CVE-2015-1486 CONFIRM BID

symantec -- endpoint_protection_manager

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.

2015-07-31

8.5

CVE-2015-1489 CONFIRM BID

symantec -- endpoint_protection_manager

Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.

2015-07-31

8.5

CVE-2015-1492 CONFIRM BID

timedoctor -- timedoctor

The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

2015-08-06

9.3

CVE-2015-4674 FULLDISC


Medium Vulnerabilities


Primary Vendor -- Product

Description

Published

CVSS Score

Source & Patch Info

chiyutw -- bf-630

Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.

2015-07-31

4.3

CVE-2015-2870 CERT-VN

cisco -- anyconnect_secure_mobility_client

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.

2015-07-31

6.4

CVE-2015-4289 CISCO

cisco -- prime_central_for_hosted_collaboration_solution_assurance

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818.

2015-07-31

4.3

CVE-2015-4292 CISCO

cisco -- unified_communications_manager_im_and_presence_service

Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.

2015-07-31

4.3

CVE-2015-4294 CISCO

cisco -- unified_communications_manager

The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.

2015-07-31

4.0

CVE-2015-4295 CISCO

garrettcom -- magnum_10k_firmware

Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2015-08-03

4.3

CVE-2015-3942 MISC CONFIRM

garrettcom -- magnum_10k_firmware

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation.

2015-08-03

4.3

CVE-2015-3960 MISC CONFIRM

ibm -- websphere_extreme_scale

Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors.

2015-08-03

5.0

CVE-2015-4936 CONFIRM AIXAPAR

linux -- linux_kernel

The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.

2015-08-05

4.9

CVE-2015-3636 CONFIRM CONFIRM MLIST CONFIRM CONFIRM

linux -- linux_kernel

The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.

2015-08-05

4.7

CVE-2015-4167 CONFIRM CONFIRM MLIST CONFIRM CONFIRM

openbsd -- openssh

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

2015-08-02

4.3

CVE-2015-5352 CONFIRM CONFIRM MLIST

schneider-electric -- wonderware_system_platform_2014

Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

2015-08-03

6.9

CVE-2015-3940 MISC CONFIRM

siemens -- ruggedcom_rugged_operating_system

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

2015-08-02

4.3

CVE-2015-5537 MISC CONFIRM

symantec -- endpoint_protection_manager

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.

2015-07-31

5.5

CVE-2015-1487 CONFIRM BID

symantec -- endpoint_protection_manager

An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.

2015-07-31

4.0

CVE-2015-1488 CONFIRM BID

symantec -- endpoint_protection_manager

Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.

2015-07-31

5.5

CVE-2015-1490 CONFIRM BID

symantec -- endpoint_protection_manager

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

2015-07-31

6.0

CVE-2015-1491 CONFIRM BID

windriver -- vxworks

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

2015-08-03

5.8

CVE-2015-3963 MISC CONFIRM

wordpress -- wordpress

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.

2015-08-04

4.3

CVE-2015-3438 CONFIRM CONFIRM MISC

wordpress -- wordpress

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.

2015-08-05

4.3

CVE-2015-3439 CONFIRM CONFIRM CONFIRM MISC

wordpress -- wordpress

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.

2015-08-03

4.3

CVE-2015-3440 CONFIRM MISC CONFIRM FULLDISC CONFIRM

wordpress -- wordpress

WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.

2015-08-03

4.0

CVE-2015-5623 CONFIRM CONFIRM CONFIRM MLIST


Low Vulnerabilities

Primary Vendor -- Product

Description

Published

CVSS Score

Source & Patch Info

garrettcom -- magnum_10k_firmware

The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL.

2015-08-03

3.5

CVE-2015-3961 MISC CONFIRM

ibm -- business_process_manager

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

2015-07-31

3.5

CVE-2015-1904 CONFIRM AIXAPAR

ibm -- websphere_datapower_xc10_appliance_firmware

The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere.

2015-08-03

2.1

CVE-2015-1970 CONFIRM AIXAPAR

indusoft -- web_studio

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

2015-07-31

1.7

CVE-2015-1009 MISC MISC CONFIRM

siemens -- simatic_wincc_sm@rtclient

The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.

2015-08-02

2.1

CVE-2015-5084 MISC CONFIRM

wordpress -- wordpress

Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.

2015-08-03

3.5

CVE-2015-5622 CONFIRM CONFIRM CONFIRM MLIST

This product is provided subject to this Notification and this Privacy & Use policy.