Computer Security

HP 3PAR Service Processor SPOCC information disclosure
Published:12.10.2015
SecurityVulns ID:14716
Type:remote
Threat Level:5/10
Affected:HP : 3PAR Service Processor SP 4.3
CVE:CVE-2015-5443 (HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.)
Original document:HP, [security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information (12.10.2015)

Cisco Prime multiple security vulnerabilities
Published:12.10.2015
SecurityVulns ID:14724
Type:remote
Threat Level:6/10
Description:Restrictions bypass, privilege escalation, information disclosure.
Affected:CISCO : Cisco Prime Collaboration Assurance 10.5
CVE:CVE-2015-6259 (The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.)
 CVE-2015-4307 (The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.)
 CVE-2015-4306 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.)
 CVE-2015-4305 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656.)
 CVE-2015-4304 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.)
Files:Cisco Security Advisory Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
 Cisco Security Advisory Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability
 Cisco Security Advisory Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

EMC RSA OneStep directory traversal
Published:12.10.2015
SecurityVulns ID:14730
Type:remote
Threat Level:5/10
Description:Arbitrary files access.
Affected:EMC : RSA OneStep 6.9
CVE:CVE-2015-4546 (Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.)
Original document:EMC, ESA-2015-151: RSA® OneStep Path Traversal Vulnerability (12.10.2015)

Unity Settings Daemon privilege escalation
Published:12.10.2015
SecurityVulns ID:14725
Type:local
Threat Level:5/10
Description:User's session access.
Affected:UBUNTU : Unity Settings Daemon 14.04
CVE:CVE-2015-1319 (The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.)
Original document:UBUNTU, [USN-2741-1] Unity Settings Daemon vulnerability (12.10.2015)

Tripwire IP360 authentication bypass
Published:12.10.2015
SecurityVulns ID:14726
Type:remote
Threat Level:5/10
Description:Authentication bypass, privilege escalation.
Affected:TRIPWIRE : Tripwire IP360 VnE
CVE:CVE-2015-6237
Original document:Specto, CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability (12.10.2015)

EMC RSA Web Threat Detection security vulnerabilities
Published:12.10.2015
SecurityVulns ID:14729
Type:remote
Threat Level:5/10
Description:Information disclosure, privilege escalation.
Affected:EMC : RSA Web Threat Detection 5.1
CVE:CVE-2015-4548 (EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file.)
 CVE-2015-4547 (EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file.)
Original document:EMC, ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities (12.10.2015)

Microsoft Exchange information disclosure
updated since 15.09.2015
Published:12.10.2015
SecurityVulns ID:14691
Type:remote
Threat Level:5/10
Description:Information disclosure and spoofing, cross-site scripting.
Affected:MICROSOFT : Exchange Server 2013
CVE:CVE-2015-2544 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability.")
 CVE-2015-2543 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability.")
 CVE-2015-2505 (Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability.")
Original document:MICROSOFT, Microsoft Exchange Information Disclosure (12.10.2015)
Files: Microsoft Security Bulletin MS15-103 - Important Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)

FreeSWITCH buffer overflow
Published:12.10.2015
SecurityVulns ID:14727
Type:library
Threat Level:6/10
Description:Buffer overflow on JSON parsing.
Affected:FREESWITCH : freeswitch 1.6
CVE:CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.)
Original document:Marcello Duarte, CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23 (12.10.2015)

Cisco AnyConnect privilege escalation
Published:12.10.2015
SecurityVulns ID:14721
Type:local
Threat Level:5/10
Description:Privilege escalation via DLLs and DMG files.
Affected:CISCO : AnyConnect Secure Mobility Client 4.1
CVE:CVE-2015-6306 (Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.)
 CVE-2015-6305 (Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.)
Original document:Securify B.V., Cisco AnyConnect elevation of privileges via DLL side loading (12.10.2015)
 Securify B.V., Cisco AnyConnect elevation of privileges via DMG install script (12.10.2015)

Cisco TelePresence Server DoS
Published:12.10.2015
SecurityVulns ID:14723
Type:remote
Threat Level:5/10
Description:Conference Control Protocol API buffer overflow.
Affected:CISCO : TelePresence Server 4.1
CVE:CVE-2015-6284 (Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.)
Files:Cisco Security Advisory Cisco TelePresence Server Denial of Service Vulnerability

libvirt / qemu multiple security vulnerabilities
Published:12.10.2015
SecurityVulns ID:14718
Type:library
Threat Level:6/10
Description:DoS, memory corruptions.
Affected:QEMU : QEMU 2.4
CVE:CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.)
 CVE-2015-6815
 CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.)
 CVE-2015-5278
 CVE-2015-5239
Original document:UBUNTU, [USN-2745-1] QEMU vulnerabilities (12.10.2015)

wireshark multiple security vulnerabilities
Published:12.10.2015
SecurityVulns ID:14719
Type:remote
Threat Level:5/10
Description:Multiple vulnerabilities in different protocol dissectors.
Affected:WIRESHARK : Wireshark 1.12
CVE:CVE-2015-6249 (The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2015-6248 (The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2015-6247 (The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
 CVE-2015-6246 (The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2015-6245 (epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
 CVE-2015-6244 (The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2015-6243 (The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.)
 CVE-2015-6242 (The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.)
 CVE-2015-6241 (The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
Original document:DEBIAN, [SECURITY] [DSA 3367-1] wireshark security update (12.10.2015)

Cisco IOS / Cisco IOS XE multiple security vulnerabilities
Published:12.10.2015
SecurityVulns ID:14722
Type:remote
Threat Level:8/10
Description:Authentication bypass, DoS.
Affected:CISCO : IOS 15.5
 CISCO : IOS XE 3.15
CVE:CVE-2015-6282 (Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933.)
 CVE-2015-6280 (The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.)
 CVE-2015-6279 (The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400.)
 CVE-2015-6278 (The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S does not properly implement the Control Plane Protection (aka CPPr) feature, which allows remote attackers to cause a denial of service (device reload) via a flood of ND packets, aka Bug ID CSCus19794.)
Files:Cisco Security Advisory Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
 Cisco Security Advisory Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
 Cisco Security Advisory Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability

NVidia graphics drivers privilege escalation
Published:12.10.2015
SecurityVulns ID:14717
Type:local
Threat Level:6/10
Description:Privilege escalation via IOCTL processing.
CVE:CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call.)
Original document:UBUNTU, [USN-2747-1] NVIDIA graphics drivers vulnerability (12.10.2015)

EMC RSA Archer GRC multiple security vulnerabilities
Published:12.10.2015
SecurityVulns ID:14728
Type:remote
Threat Level:5/10
Description:Restrictions bypass, cross-site scripting, information disclosure.
Affected:EMC : RSA Archer GRC 5.5
CVE:CVE-2015-4543 (EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields.)
 CVE-2015-4542 (EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors.)
 CVE-2015-4541 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
Original document:EMC, ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities (12.10.2015)

apport security vulnerabilities
updated since 12.10.2015
Published:02.11.2015
SecurityVulns ID:14720
Type:local
Threat Level:5/10
Description:Symbolic link and hard link vulnerabilities in log files, privilege escalation.
Affected:APPORT : Apport 2.18
CVE:CVE-2015-1338 (kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.)
Original document:UBUNTU, [USN-2782-1] Apport vulnerability (02.11.2015)
 UBUNTU, [USN-2744-1] Apport vulnerability (12.10.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod