
SB15-222: Vulnerability Summary for the Week of August 3, 2015

Original release date: August 10, 2015


The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common
Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

chiyutw -- bf-660c
Description: Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618.
Published: 2015-07-31
CVSS Score: 7.5
Source & Patch Info: CVE-2015-2871, CERT-VN

chiyutw -- bf-630
Description: Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871.
Published: 2015-07-31
CVSS Score: 7.5
Source & Patch Info: CVE-2015-5618, CERT-VN

cisco -- ios_xe
Description: Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.
Published: 2015-07-31
CVSS Score: 7.8
Source & Patch Info: CVE-2015-4291, CISCO

dell -- bios
Description: The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.
Published: 2015-07-31
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2890, CONFIRM, CERT-VN

garrettcom -- magnum_10k_firmware
Description: The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.
Published: 2015-08-03
CVSS Score: 7.2
Source & Patch Info: CVE-2015-3959, MISC, CONFIRM

gehealthcare -- entegra_p&r_firmware
Description: GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2001-1594, MISC, MISC, CONFIRM

gehealthcare -- millennium_mg
Description: GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2002-2445, MISC, MISC, CONFIRM, CONFIRM

gehealthcare -- millennium_mg_firmware
Description: GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2002-2446, MISC, MISC, CONFIRM, CONFIRM

gehealthcare -- discovery_vh
Description: GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2003-1603, MISC, MISC, CONFIRM

gehealthcare -- centricity_image_vault_firmware
Description: GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2004-2777, MISC, MISC, CONFIRM

gehealthcare -- infinia_ii_firmware
Description: GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2006-7253, MISC, MISC, CONFIRM

gehealthcare -- centricity_dms_firmware
Description: GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2007-6757, MISC, MISC, CONFIRM, CONFIRM, CONFIRM

gehealthcare -- discovery_530c_firmware
Description: GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2009-5143, MISC, MISC, CONFIRM

gehealthcare -- optima_ct520_firmware
Description: GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2010-5306, MISC, MISC, CONFIRM, CONFIRM, CONFIRM

gehealthcare -- optima_mr360_firmware
Description: The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2010-5307, MISC, MISC, CONFIRM

gehealthcare -- optima_mr360_firmware
Description: GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2010-5308, MISC, MISC, CONFIRM

gehealthcare -- cadstream_server_firmware
Description: GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2010-5309, MISC, MISC, CONFIRM

gehealthcare -- revolution_xq/i
Description: The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2010-5310, MISC, MISC, CONFIRM

gehealthcare -- centricity_analytics_server
Description: GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2011-5322, MISC, MISC, CONFIRM

gehealthcare -- centricity_pacs-iw
Description: GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2011-5323, MISC, MISC, CONFIRM, CONFIRM

gehealthcare -- centricity_pacs-iw
Description: The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2011-5324, MISC, MISC, CONFIRM, CONFIRM

gehealthcare -- precision_mpi
Description: GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2012-6660, MISC, MISC, CONFIRM

gehealthcare -- centricity_pacs_server
Description: GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2012-6693, MISC, MISC, CONFIRM, CONFIRM

gehealthcare -- centricity_pacs_server
Description: GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2012-6694, MISC, MISC, CONFIRM, CONFIRM

gehealthcare -- centricity_pacs_workstation
Description: GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2012-6695, MISC, MISC, CONFIRM, CONFIRM

gehealthcare -- discovery_nm_750b
Description: GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2013-7404, MISC, MISC, CONFIRM

gehealthcare -- centricity_dms
Description: The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2013-7405, MISC, MISC, CONFIRM

gehealthcare -- centricity_pacs_workstation
Description: GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2013-7442, MISC, MISC, CONFIRM, CONFIRM

gehealthcare -- discovery_xr656
Description: GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2014-7232, MISC, MISC, CONFIRM, CONFIRM

gehealthcare -- precision_thunis-800+
Description: GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2014-7233, MISC, MISC, CONFIRM

gehealthcare -- centricity_clinical_archive_audit_trail_repository
Description: GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.
Published: 2015-08-04
CVSS Score: 10.0
Source & Patch Info: CVE-2014-9736, MISC, MISC, CONFIRM

ibm -- websphere_mq_light
Description: IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data.
Published: 2015-08-03
CVSS Score: 7.8
Source & Patch Info: CVE-2015-1955, CONFIRM

ibm -- websphere_mq_light
Description: IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987.
Published: 2015-08-03
CVSS Score: 7.8
Source & Patch Info: CVE-2015-1956, CONFIRM

ibm -- websphere_mq_light
Description: IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987.
Published: 2015-08-03
CVSS Score: 7.8
Source & Patch Info: CVE-2015-1958, CONFIRM

ibm -- websphere_mq_light
Description: IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958.
Published: 2015-08-03
CVSS Score: 7.8
Source & Patch Info: CVE-2015-1987, CONFIRM

ibm -- tivoli_storage_manager_fastback
Description: Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4932, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.
Published: 2015-08-03
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4931, CONFIRM

ibm -- tivoli_storage_manager_fastback
Description: Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.
Published: 2015-08-03
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4932, CONFIRM

ibm -- tivoli_storage_manager_fastback
Description: Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CVE-2015-4935.
Published: 2015-08-03
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4933, CONFIRM

ibm -- tivoli_storage_manager_fastback
Description: Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935.
Published: 2015-08-03
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4934, CONFIRM

ibm -- tivoli_storage_manager_fastback
Description: Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4934.
Published: 2015-08-03
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4935, CONFIRM

openbsd -- openssh
Description: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
Published: 2015-08-02
CVSS Score: 8.5
Source & Patch Info: CVE-2015-5600, FULLDISC, MLIST, CONFIRM, CONFIRM

symantec -- endpoint_protection_manager
Description: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
Published: 2015-07-31
CVSS Score: 7.5
Source & Patch Info: CVE-2015-1486, CONFIRM, BID

symantec -- endpoint_protection_manager
Description: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
Published: 2015-07-31
CVSS Score: 8.5
Source & Patch Info: CVE-2015-1489, CONFIRM, BID

symantec -- endpoint_protection_manager
Description: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.
Published: 2015-07-31
CVSS Score: 8.5
Source & Patch Info: CVE-2015-1492, CONFIRM, BID

timedoctor -- timedoctor
Description: The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
Published: 2015-08-06
CVSS Score: 9.3
Source & Patch Info: CVE-2015-4674, FULLDISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

chiyutw -- bf-630
Description: Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.
Published: 2015-07-31
CVSS Score: 4.3
Source & Patch Info: CVE-2015-2870, CERT-VN

cisco -- anyconnect_secure_mobility_client
Description: Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.
Published: 2015-07-31
CVSS Score: 6.4
Source & Patch Info: CVE-2015-4289, CISCO

cisco -- prime_central_for_hosted_collaboration_solution_assurance
Description: Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818.
Published: 2015-07-31
CVSS Score: 4.3
Source & Patch Info: CVE-2015-4292, CISCO

cisco -- unified_communications_manager_im_and_presence_service
Description: Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.
Published: 2015-07-31
CVSS Score: 4.3
Source & Patch Info: CVE-2015-4294, CISCO

cisco -- unified_communications_manager
Description: The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.
Published: 2015-07-31
CVSS Score: 4.0
Source & Patch Info: CVE-2015-4295, CISCO

garrettcom -- magnum_10k_firmware
Description: Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2015-08-03
CVSS Score: 4.3
Source & Patch Info: CVE-2015-3942, MISC, CONFIRM

garrettcom -- magnum_10k_firmware
Description: The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation.
Published: 2015-08-03
CVSS Score: 4.3
Source & Patch Info: CVE-2015-3960, MISC, CONFIRM

ibm -- websphere_extreme_scale
Description: Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors.
Published: 2015-08-03
CVSS Score: 5.0
Source & Patch Info: CVE-2015-4936, CONFIRM, AIXAPAR

linux -- linux_kernel
Description: The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
Published: 2015-08-05
CVSS Score: 4.9
Source & Patch Info: CVE-2015-3636, CONFIRM, CONFIRM, MLIST, CONFIRM, CONFIRM

linux -- linux_kernel
Description: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
Published: 2015-08-05
CVSS Score: 4.7
Source & Patch Info: CVE-2015-4167, CONFIRM, CONFIRM, MLIST, CONFIRM, CONFIRM

openbsd -- openssh
Description: The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
Published: 2015-08-02
CVSS Score: 4.3
Source & Patch Info: CVE-2015-5352, CONFIRM, CONFIRM, MLIST

schneider-electric -- wonderware_system_platform_2014
Description: Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2015-08-03
CVSS Score: 6.9
Source & Patch Info: CVE-2015-3940, MISC, CONFIRM

siemens -- ruggedcom_rugged_operating_system
Description: The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
Published: 2015-08-02
CVSS Score: 4.3
Source & Patch Info: CVE-2015-5537, MISC, CONFIRM

symantec -- endpoint_protection_manager
Description: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.
Published: 2015-07-31
CVSS Score: 5.5
Source & Patch Info: CVE-2015-1487, CONFIRM, BID

symantec -- endpoint_protection_manager
Description: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.
Published: 2015-07-31
CVSS Score: 4.0
Source & Patch Info: CVE-2015-1488, CONFIRM, BID

symantec -- endpoint_protection_manager
Description: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.
Published: 2015-07-31
CVSS Score: 5.5
Source & Patch Info: CVE-2015-1490, CONFIRM, BID

symantec -- endpoint_protection_manager
Description: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Published: 2015-07-31
CVSS Score: 6.0
Source & Patch Info: CVE-2015-1491, CONFIRM, BID

windriver -- vxworks
Description: Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
Published: 2015-08-03
CVSS Score: 5.8
Source & Patch Info: CVE-2015-3963, MISC, CONFIRM

wordpress -- wordpress
Description: Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.
Published: 2015-08-04
CVSS Score: 4.3
Source & Patch Info: CVE-2015-3438, CONFIRM, CONFIRM, MISC

wordpress -- wordpress
Description: Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
Published: 2015-08-05
CVSS Score: 4.3
Source & Patch Info: CVE-2015-3439, CONFIRM, CONFIRM, CONFIRM, MISC

wordpress -- wordpress
Description: Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Published: 2015-08-03
CVSS Score: 4.3
Source & Patch Info: CVE-2015-3440, CONFIRM, MISC, CONFIRM, FULLDISC, CONFIRM

wordpress -- wordpress
Description: WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.
Published: 2015-08-03
CVSS Score: 4.0
Source & Patch Info: CVE-2015-5623, CONFIRM, CONFIRM, CONFIRM, MLIST

Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

garrettcom -- magnum_10k_firmware
Description: The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL.
Published: 2015-08-03
CVSS Score: 3.5
Source & Patch Info: CVE-2015-3961, MISC, CONFIRM

ibm -- business_process_manager
Description: IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.
Published: 2015-07-31
CVSS Score: 3.5
Source & Patch Info: CVE-2015-1904, CONFIRM, AIXAPAR

ibm -- websphere_datapower_xc10_appliance_firmware
Description: The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere.
Published: 2015-08-03
CVSS Score: 2.1
Source & Patch Info: CVE-2015-1970, CONFIRM, AIXAPAR

indusoft -- web_studio
Description: Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
Published: 2015-07-31
CVSS Score: 1.7
Source & Patch Info: CVE-2015-1009, MISC, MISC, CONFIRM

siemens -- simatic_wincc_sm@rtclient
Description: The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.
Published: 2015-08-02
CVSS Score: 2.1
Source & Patch Info: CVE-2015-5084, MISC, CONFIRM

wordpress -- wordpress
Description: Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.
Published: 2015-08-03
CVSS Score: 3.5
Source & Patch Info: CVE-2015-5622, CONFIRM, CONFIRM, CONFIRM, MLIST

This product is provided subject to this Notification and this Privacy & Use policy.
