Vulnerability Summary for the Week of February 9, 2014

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID given to that particular vulnerability. You can therefore search for the status of a vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

| Primary Vendor -- Product | Description | Date Published | CVSS Score | CVE Identity | References |
|---|---|---|---|---|---|
| aas9 -- zerocms | SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034. | 2015-02-06 | 7.5 | CVE-2015-1442 | BID, MISC, MISC, MISC, MLIST, MLIST, FULLDISC, MISC |
| advantech -- eki-1200_gateway_series_firmware | Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. | 2015-02-12 | 10.0 | CVE-2014-8385 | |
| apereo -- central_authentication_service | Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication. | 2015-02-10 | 7.5 | CVE-2015-1169 | CONFIRM, CONFIRM, CONFIRM, FULLDISC, MISC |
| attachmate -- reflection_ftp_client | The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher. | 2015-02-06 | 10.0 | CVE-2014-0603 | MISC, MISC |
| attachmate -- reflection_ftp_client | Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method. | 2015-02-06 | 10.0 | CVE-2014-0604 | MISC |
| attachmate -- reflection_ftp_client | Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method. | 2015-02-06 | 10.0 | CVE-2014-0605 | MISC |
| bullguard -- bdagent.sys | bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call. | 2015-02-06 | 7.2 | CVE-2014-9642 | OSVDB, MISC, EXPLOIT-DB, MISC |
| cisco -- webex_meetings_server | The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460. | 2015-02-07 | 9.0 | CVE-2015-0589 | XF, SECTRACK, BID, SECUNIA |
| cisco -- ios | The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672. | 2015-02-11 | 7.8 | CVE-2015-0592 | |
| cisco -- ios | The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003. | 2015-02-12 | 7.1 | CVE-2015-0593 | |
| cisco -- ios | Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736. | 2015-02-11 | 7.1 | CVE-2015-0608 | |
| fancyfon -- famoc | Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php. | 2015-02-06 | 7.5 | CVE-2015-1514 | MISC, BUGTRAQ, MISC |
| fork-cms -- fork_cms | Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index. | 2015-02-06 | 7.5 | CVE-2015-1467 | XF, BUGTRAQ, MISC |
| freetype -- freetype | The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. | 2015-02-08 | 7.5 | CVE-2014-9656 | CONFIRM, MISC |
| freetype -- freetype | The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. | 2015-02-08 | 7.5 | CVE-2014-9657 | CONFIRM, MISC |
| freetype -- freetype | The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. | 2015-02-08 | 7.5 | CVE-2014-9658 | CONFIRM, MISC |
| freetype -- freetype | cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. | 2015-02-08 | 7.5 | CVE-2014-9659 | CONFIRM, MISC |
| freetype -- freetype | The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. | 2015-02-08 | 7.5 | CVE-2014-9660 | CONFIRM, MISC |
| freetype -- freetype | type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. | 2015-02-08 | 7.5 | CVE-2014-9661 | CONFIRM, CONFIRM, MISC |
| freetype -- freetype | cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. | 2015-02-08 | 7.5 | CVE-2014-9662 | CONFIRM, MISC |
| freetype -- freetype | The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. | 2015-02-08 | 7.5 | CVE-2014-9663 | CONFIRM, MISC |
| freetype -- freetype | FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. | 2015-02-08 | 7.5 | CVE-2014-9664 | CONFIRM, CONFIRM, MISC |
| freetype -- freetype | The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. | 2015-02-08 | 7.5 | CVE-2014-9665 | CONFIRM, CONFIRM, MISC |
| freetype -- freetype | The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. | 2015-02-08 | 7.5 | CVE-2014-9666 | CONFIRM, MISC |
| freetype -- freetype | sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. | 2015-02-08 | 7.5 | CVE-2014-9667 | CONFIRM, MISC |
| freetype -- freetype | The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. | 2015-02-08 | 7.5 | CVE-2014-9668 | CONFIRM, MISC |
| freetype -- freetype | Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. | 2015-02-08 | 7.5 | CVE-2014-9669 | CONFIRM, MISC |
| freetype -- freetype | Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. | 2015-02-08 | 7.5 | CVE-2014-9673 | CONFIRM, MISC |
| freetype -- freetype | The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. | 2015-02-08 | 7.5 | CVE-2014-9674 | CONFIRM, CONFIRM, MISC |
| google -- chrome | Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. | 2015-02-06 | 7.5 | CVE-2015-1209 | CONFIRM, CONFIRM, XF, SECTRACK, BID, SECUNIA, SECUNIA, REDHAT |
| google -- chrome | The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. | 2015-02-06 | 7.5 | CVE-2015-1211 | CONFIRM, XF, UBUNTU, SECTRACK, BID, SECUNIA, SECUNIA, REDHAT |
| google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-02-06 | 7.5 | CVE-2015-1212 | CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, XF, UBUNTU, SECTRACK, BID, SECUNIA, SECUNIA, REDHAT |
| holding_pattern_project -- holding_pattern | Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. | 2015-02-11 | 7.5 | CVE-2015-1172 | BID, MISC |
| ibm -- tivoli_storage_manager | dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file. | 2015-02-12 | 7.2 | CVE-2014-6185 | XF, AIXAPAR |
| k7computing -- anti-virus_plus | K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call. | 2015-02-06 | 7.2 | CVE-2014-9643 | OSVDB, MISC, EXPLOIT-DB, MISC |
| microsoft -- windows_2003_server | The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." | 2015-02-10 | 8.3 | CVE-2015-0008 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. | 2015-02-10 | 9.3 | CVE-2015-0017 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0037, CVE-2015-0040, and CVE-2015-0066. | 2015-02-10 | 9.3 | CVE-2015-0018 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-02-10 | 9.3 | CVE-2015-0019 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. | 2015-02-10 | 9.3 | CVE-2015-0020 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-02-10 | 9.3 | CVE-2015-0021 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. | 2015-02-10 | 9.3 | CVE-2015-0022 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0025. | 2015-02-10 | 9.3 | CVE-2015-0023 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0023. | 2015-02-10 | 9.3 | CVE-2015-0025 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. | 2015-02-10 | 9.3 | CVE-2015-0026 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0035, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068. | 2015-02-10 | 9.3 | CVE-2015-0027 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0048. | 2015-02-10 | 9.3 | CVE-2015-0028 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-02-10 | 9.3 | CVE-2015-0029 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. | 2015-02-10 | 9.3 | CVE-2015-0030 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0036, and CVE-2015-0041. | 2015-02-10 | 9.3 | CVE-2015-0031 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068. | 2015-02-10 | 9.3 | CVE-2015-0035 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041. | 2015-02-10 | 9.3 | CVE-2015-0036 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066. | 2015-02-10 | 9.3 | CVE-2015-0037 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0042 and CVE-2015-0046. | 2015-02-10 | 9.3 | CVE-2015-0038 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0052, and CVE-2015-0068. | 2015-02-10 | 9.3 | CVE-2015-0039 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0066. | 2015-02-10 | 9.3 | CVE-2015-0040 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0036. | 2015-02-10 | 9.3 | CVE-2015-0041 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0046. | 2015-02-10 | 9.3 | CVE-2015-0042 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-02-10 | 9.3 | CVE-2015-0043 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0050. | 2015-02-10 | 9.3 | CVE-2015-0044 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0053. | 2015-02-10 | 9.3 | CVE-2015-0045 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0042. | 2015-02-10 | 9.3 | CVE-2015-0046 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0028. | 2015-02-10 | 9.3 | CVE-2015-0048 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-02-10 | 9.3 | CVE-2015-0049 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044. | 2015-02-10 | 9.3 | CVE-2015-0050 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0068. | 2015-02-10 | 9.3 | CVE-2015-0052 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0045. | 2015-02-10 | 9.3 | CVE-2015-0053 | |
| microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 2015-02-10 | 7.2 | CVE-2015-0057 | |
| microsoft -- windows_8.1 | Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability." | 2015-02-10 | 7.2 | CVE-2015-0058 | |
| microsoft -- windows_2003_server | Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability." | 2015-02-10 | 7.2 | CVE-2015-0062 | |
| microsoft -- excel | Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability." | 2015-02-10 | 9.3 | CVE-2015-0063 | |
| microsoft -- office | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability." | 2015-02-10 | 9.3 | CVE-2015-0064 | |
| microsoft -- word | Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability." | 2015-02-10 | 9.3 | CVE-2015-0065 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0040. | 2015-02-10 | 9.3 | CVE-2015-0066 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2015-02-10 | 9.3 | CVE-2015-0067 | |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0052. | 2015-02-10 | 9.3 | CVE-2015-0068 | |
| pragyan_cms_project -- pragyan_cms | SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. | 2015-02-12 | 7.5 | CVE-2015-1471 | MISC, CONFIRM, MISC, MISC, MLIST, FULLDISC, MISC |
| privoxy -- privoxy | Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information. | 2015-02-10 | 7.5 | CVE-2015-1031 | MLIST |
| redaxscript -- redaxscript | SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | 2015-02-11 | 7.5 | CVE-2015-1518 | BUGTRAQ, MISC, EXPLOIT-DB, MISC |
| siphon -- siphone_enterprise_pbx | SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | 2015-02-06 | 7.5 | CVE-2015-1513 | XF, MISC |
| trendmicro -- tmeext.sys | The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call. | 2015-02-06 | 7.2 | CVE-2014-9641 | OSVDB, MISC, EXPLOIT-DB |
| yuba -- u5cms | Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php. | 2015-02-11 | 7.5 | CVE-2015-1576 | MISC, MISC |

Medium Severity Vulnerabilities

| The Primary Vendor --- Product | Description | Date Published | CVSS Score | The CVE Identity |
|---|---|---|---|---|
| acme -- mini_httpd | mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. | 2015-02-10 | 5.0 | CVE-2015-1548 (MISC) |
| apache -- activemq | Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-12 | 4.3 | CVE-2014-8110 (XF, BID, MLIST) |
| apache -- wss4j | Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks." | 2015-02-12 | 5.0 | CVE-2015-0227 (BID) |
| cisco -- adaptive_security_appliance_software | The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577. | 2015-02-06 | 6.3 | CVE-2013-5557 |
| cisco -- prime_infrastructure | The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444. | 2015-02-11 | 4.3 | CVE-2014-2147 |
| cisco -- prime_infrastructure | Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. | 2015-02-11 | 6.8 | CVE-2014-2152 |
| cisco -- prime_infrastructure | Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. | 2015-02-11 | 4.3 | CVE-2014-2153 |
| cisco -- prime_security_manager | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. | 2015-02-11 | 4.3 | CVE-2014-3365 |
| cisco -- secure_access_control_system | Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. | 2015-02-11 | 6.5 | CVE-2015-0580 |
| cisco -- unified_ip_phones_9900_series_firmware | The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. | 2015-02-07 | 5.0 | CVE-2015-0600 (XF, BID) |
| cisco -- unified_ip_phones_9900_series_firmware | Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. | 2015-02-06 | 4.6 | CVE-2015-0601 (XF, BID) |
| cisco -- unified_ip_phones_9900_series_firmware | The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. | 2015-02-07 | 5.0 | CVE-2015-0602 (XF, BID) |
| cisco -- unified_ip_phones_9900_series_firmware | Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. | 2015-02-06 | 4.6 | CVE-2015-0603 (XF, BID) |
| cisco -- unified_ip_phones_9900_series_firmware | The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424. | 2015-02-06 | 5.0 | CVE-2015-0604 (XF, BID, SECUNIA) |
| cisco -- asyncos | The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. | 2015-02-06 | 4.3 | CVE-2015-0605 (XF, BID, SECUNIA) |
| cisco -- ios | The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. | 2015-02-11 | 4.9 | CVE-2015-0606 |
| cisco -- ios | Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. | 2015-02-11 | 4.3 | CVE-2015-0610 |
| cisco -- telepresence_system_software_ix | The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. | 2015-02-11 | 6.5 | CVE-2015-0611 |
| cisco -- adaptive_security_appliance_software | Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458. | 2015-02-11 | 5.0 | CVE-2015-0619 |
| dotnetnuke -- dotnetnuke | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-09 | 4.3 | CVE-2015-1566 |
| elegant_themes -- divi | Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. | 2015-02-11 | 5.0 | CVE-2015-1579 (EXPLOIT-DB) |
| epignosis -- efront | Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the delete_module parameter, (2) deactivate modules via the deactivate_module parameter, (3) activate modules via the activate_module parameter, (4) delete users via the delete_user parameter, (5) deactivate users via the deactivate_user parameter, (6) activate users via the activate_user parameter, (7) activate themes via the set_theme parameter, (8) deactivate themes via the set_theme parameter, (9) delete themes via the delete parameter, (10) deactivate events (user registration or email activation) via the deactivate_notification parameter, (11) activate events via the activate_notification parameter, (12) delete events via the delete_notification parameter, (13) deactivate language settings via the deactivate_language parameter, (14) activate language settings via the activate_language parameter, (15) delete language settings via the delete_language parameter, or (16) activate or deactivate the autologin feature for a user via a crafted maintenance request. | 2015-02-10 | 6.8 | CVE-2015-1559 (XF, BID, MISC, MLIST, MLIST, FULLDISC) |
| fancyfon -- famoc | Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or the (2) order or (3) myorgs to index.php. | 2015-02-06 | 4.3 | CVE-2015-1512 (MISC, XF, MISC) |
| fli4l -- fli4l | Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the (1) conntrack.cgi, (2) index.cgi, (3) log_syslog.cgi, (4) problems.cgi, (5) status.cgi, (6) status_network.cgi, or (7) status_system.cgi script in admin/. | 2015-02-06 | 4.3 | CVE-2015-1444 (XF, MLIST, MLIST) |
| fortinet -- forticlient | Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. | 2015-02-10 | 4.3 | CVE-2015-1569 (MISC, FULLDISC) |
| fortinet -- forticlient | The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. | 2015-02-10 | 4.3 | CVE-2015-1570 (MISC, FULLDISC) |
| fortinet -- fortios | The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. | 2015-02-10 | 4.3 | CVE-2015-1571 (MISC, FULLDISC) |
| freetype -- freetype | Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. | 2015-02-08 | 5.0 | CVE-2014-9670 (CONFIRM, MISC) |
| freetype -- freetype | Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. | 2015-02-08 | 5.0 | CVE-2014-9671 (CONFIRM, MISC) |
| freetype -- freetype | Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. | 2015-02-08 | 6.4 | CVE-2014-9672 (CONFIRM, MISC) |
| freetype -- freetype | bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. | 2015-02-08 | 5.0 | CVE-2014-9675 (CONFIRM, MISC) |
| ge -- 12400_level_transmitter_device_type_manager | Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. | 2015-02-07 | 5.0 | CVE-2014-9203 |
| google -- chrome | The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-02-06 | 5.0 | CVE-2015-1210 (CONFIRM, CONFIRM, XF, UBUNTU, SECTRACK, BID, SECUNIA, SECUNIA, REDHAT) |
| hitachi -- compute_systems_manager | Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-09 | 4.3 | CVE-2015-1565 |
| homepage_decorator -- perltreebbs | Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-12 | 4.3 | CVE-2015-0873 |
| ibm -- infosphere_biginsights | The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. | 2015-02-12 | 5.0 | CVE-2014-4781 (XF) |
| ibm -- tivoli_storage_manager | Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on and Linux allows local users to obtain root privileges via unspecified vectors. | 2015-02-12 | 6.9 | CVE-2014-4813 (XF, AIXAPAR) |
| ibm -- business_process_manager | The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter. | 2015-02-12 | 4.0 | CVE-2014-6139 |
| ibm -- optim_performance_manager | Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL. | 2015-02-12 | 5.0 | CVE-2014-6154 (XF) |
| info-zip -- unzip | unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. | 2015-02-06 | 5.0 | CVE-2014-9636 (UBUNTU, BID, MLIST, MLIST, MLIST, MLIST, FEDORA, FEDORA) |
| jython_project -- jython | Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. | 2015-02-13 | 4.6 | CVE-2013-2027 (MISC, SUSE) |
| mantisbt -- mantisbt | The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316. | 2015-02-10 | 5.8 | CVE-2015-1042 (CONFIRM, MLIST, MLIST, FULLDISC, MISC) |
| mcafee -- data_loss_prevention_endpoint | McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. | 2015-02-06 | 6.9 | CVE-2015-1305 (XF, OSVDB, MISC, EXPLOIT-DB, MISC) |
| microsoft -- office | Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability." | 2015-02-10 | 4.3 | CVE-2014-6362 |
| microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 2015-02-10 | 6.9 | CVE-2015-0003 |
| microsoft -- virtual_machine_manager | Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability." | 2015-02-10 | 6.9 | CVE-2015-0012 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | 2015-02-10 | 4.3 | CVE-2015-0051 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | 2015-02-10 | 4.3 | CVE-2015-0054 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | 2015-02-10 | 4.3 | CVE-2015-0055 |
| microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka "TrueType Font Parsing Remote Code Execution Vulnerability." | 2015-02-10 | 6.9 | CVE-2015-0059 |
| microsoft -- windows_2003_server | The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." | 2015-02-10 | 4.7 | CVE-2015-0060 |
| microsoft -- windows_2003_server | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability." | 2015-02-10 | 4.3 | CVE-2015-0061 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | 2015-02-10 | 4.3 | CVE-2015-0069 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | 2015-02-10 | 4.3 | CVE-2015-0070 |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | 2015-02-10 | 4.3 | CVE-2015-0071 |
| microsoft -- internet_explorer | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)." | 2015-02-07 | 4.3 | CVE-2015-0072 (MISC, XF, BID, BUGTRAQ, MISC, SECUNIA, FULLDISC, MISC, MISC, MISC) |
| mobile_domain_project -- mobile_domain | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5) fontcolor, (6) color, or (7) padding parameter in an add-domain action in the mobile-domain page to wp-admin/options-general.php. | 2015-02-11 | 6.8 | CVE-2015-1581 (MISC) |
| netapp -- oncommand_balance | NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. | 2015-02-06 | 4.0 | CVE-2014-9354 |
| openldap -- openldap | The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. | 2015-02-12 | 5.0 | CVE-2015-1545 (CONFIRM, BID, MLIST, CONFIRM) |
| openldap -- openldap | Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. | 2015-02-12 | 5.0 | CVE-2015-1546 (CONFIRM, MLIST, CONFIRM) |
| ovirt -- ovirt | Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. | 2015-02-13 | 6.8 | CVE-2014-0151 (CONFIRM, REDHAT) |
| ovirt -- ovirt | oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 2015-02-13 | 5.0 | CVE-2014-0154 |
| phpbb -- phpbb | Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite." | 2015-02-10 | 4.3 | CVE-2015-1431 (CONFIRM, CONFIRM, CONFIRM, CONFIRM, XF, BID, MLIST) |
| phpbb -- phpbb | The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors. | 2015-02-10 | 6.8 | CVE-2015-1432 (CONFIRM, CONFIRM, CONFIRM, CONFIRM, XF, BID, MLIST) |
| plainblack -- webgui | Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field. | 2015-02-09 | 4.3 | CVE-2015-1564 (MISC, FULLDISC) |
| redirection_project -- redirection | Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php. | 2015-02-11 | 6.8 | CVE-2015-1580 (MISC) |
| samba -- rsync | rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. | 2015-02-12 | 6.4 | CVE-2014-9512 (CONFIRM, MISC, SUSE) |
| saurus -- saurus_cms | Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or (3) filter parameter to error_log.php. | 2015-02-09 | 4.3 | CVE-2015-1562 (CONFIRM, MLIST, MISC, MISC, FULLDISC) |
| shiromuku -- guestbook | Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-07 | 4.3 | CVE-2015-0871 |
| studio.gd -- gd_infinite_scroll | Cross-site scripting (XSS) vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-09 | 4.3 | CVE-2015-1567 (XF) |
| studio.gd -- gd_infinite_scroll | Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors. | 2015-02-09 | 6.8 | CVE-2015-1568 (XF) |
| web-dorado -- spider_facebook | Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or HTML via the (2) asc_or_desc, (3) order_by, (4) page_number, (5) serch_or_not, or (6) search_events_by_title parameter in (a) the Spider_Facebook_manage page to wp-admin/admin.php or a (b) selectpagesforfacebook or (c) selectpostsforfacebook action to wp-admin/admin-ajax.php. | 2015-02-11 | 4.3 | CVE-2015-1582 (MISC) |
| webmin -- webmin | The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | 2015-02-10 | 4.9 | CVE-2015-1377 |
| yuba -- u5cms | Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php. | 2015-02-11 | 4.3 | CVE-2015-1575 (MISC, EXPLOIT-DB, MISC) |
| yuba -- u5cms | Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter. | 2015-02-11 | 6.4 | CVE-2015-1577 (MISC, EXPLOIT-DB, MISC) |
| yuba -- u5cms | Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2.php. | 2015-02-11 | 5.8 | CVE-2015-1578 (MISC, MISC) |

Low Severity Vulnerabilities

| The Primary Vendor --- Product | Description | Date Published | CVSS Score | The CVE Identity |
|---|---|---|---|---|
| cloudera -- cloudera_manager | Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password. | 2015-02-10 | 2.1 | CVE-2014-8733 |
| digium -- asterisk | Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs. | 2015-02-09 | 3.5 | CVE-2015-1558 (SECTRACK, BUGTRAQ, FULLDISC) |
| gnu -- grep | The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. | 2015-02-12 | 2.1 | CVE-2015-1345 (MLIST, SUSE, CONFIRM, CONFIRM) |
| ibm -- websphere_mq | IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query. | 2015-02-12 | 3.5 | CVE-2014-4771 (XF, AIXAPAR) |
| ibm -- websphere_portal | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-02-12 | 3.5 | CVE-2014-8909 (XF, AIXAPAR) |
| microsoft -- windows_2003_server | The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability." | 2015-02-10 | 3.3 | CVE-2015-0009 |
| microsoft -- windows_2003_server | The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707. | 2015-02-10 | 1.9 | CVE-2015-0010 (MISC) |
| -- xen | The ARM GIC distributor in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number of messages to be logged. | 2015-02-09 | 2.1 | CVE-2015-1563 (SECTRACK, MLIST) |

• Sources: http://nvd.nist.gov (for more information, visit the National Vulnerability Database (NVD), which holds a record of every vulnerability that has ever been published).

Uganda Communications Commission – UGCERT
Email: [email protected]
Tel: +256 414 302 100/150
Toll Free: 0800 133 911
Website: www.ug-cert.ug
Facebook / Twitter: UGCERT