Vulnerability Summary for the Week of January 26, 2014 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity adobe ** flash+#layer ,dobe -lash Player before ./.0.0.121 and .3.x 2015-01-23 10.0 CVE-2015-0310 through .2.x before .2.0.0.256 on 7indows and 8' 9 and before ...2.201.4/5 on Linu4 does not #ro#erly restrict discovery of memory addresses, which allows attac$ers to bypass the ,'L: #rotection mechanism on 7indows, and have an uns#ecified im#act on other #latforms, via un$nown vectors, as e4#loited in the wild in ;anuary 10.<. adobe ** flash+#layer =ns#ecified vulnerability in ,dobe -lash Player 2015-01-23 10.0 CVE-2015-0311 through ./.0.0.221 and .3.x, .<.x, and .2.x through .2.0.0.256 on 7indows and 8' 9 and through ...1.201.4/5 on Linu4 allows remote attac$ers to e4ecute arbitrary code via un$nown vectors, as e4#loited in the wild in ;anuary 10.<. adobe ** flash+#layer Double free vulnerability in ,dobe -lash Player 2015-01-28 10.0 CVE-2015-0312 before ./.0.0.123 and .3.x through .2.x before .2.0.0.2>2 on 7indows and 8' 9 and before ...2.101.430 on Linu4 allows attac$ers to e4ecute arbitrary code via uns#ecified vectors. catbot+#roject ** catbot 'QL in?ection vulnerability in inde4.ph# in 2015-01-27 7.5 CVE-2015-1367 XF (link is atAot 0.3.2 allows remote attac$ers to e4ecute external) arbitrary 'QL commands via the lastcatbot MISC (link is #arameter. external) BUGTRAQ (link is external) FULLDISC MISC (link is external) cisco ** The 9ML #arser in isco Prime 'ervice atalog 2015-01-28 7.5 CVE-2015-0581 #rime+service+catalog before .0.1 allows remote authenticated users to read arbitrary files or cause a denial of service ( P= and memory consum#tion) via an e4ternal entity declaration in con?unction with an entity reference, as demonstrated by reading #rivate $eys, related to an 9ML "4ternal Entity (99") issue, a$a Aug %D ' u#>1550. cisco ** ios The Networ$*Aased ,##lication :ecognition 2015-01-28 7.8 CVE-2015-0586 (NB,:) #rotocol im#lementation in isco %8' .<.3(.00)M and earlier on isco 1>00 %ntegrated 'ervices :outer (a$a isco %nternet :outer) devices allows remote attac$ers to cause a denial of service (NB,: #rocess hang) via %Pv4 #ac$ets, a$a Aug %D ' uo7/251. ferretcms+#roject ** =nrestricted file u#load vulnerability in 2015-01-27 7.5 CVE-2015-1371 CONFIRM (link ferretcms ferret M' ..0.4*alpha allows remote is external) administrators to e4ecute arbitrary code by BID (link is u#loading a file with an e4ecutable e4tension, external) MLIST (link is then accessing it via a direct reBuest to the file in external) customCu#loadsC. MISC (link is external) FULLDISC ferretcms+#roject ** 'QL in?ection vulnerability in ferret M' ..0.4* 2015-01-27 7.5 CVE-2015-1372 CONFIRM (link ferretcms alpha allows remote attac$ers to e4ecute is external) arbitrary 'QL commands via the # #arameter in BID (link is an u#date action to admin.ph#. external) MLIST (link is external) MISC (link is external) FULLDISC freere#rintables ** articlefr 'QL in?ection vulnerability in the getProfile 2015-01-27 7.5 CVE-2015-1364 MISC (link is function in systemC#rofile.functions.ph# in -ree external) :e#rintables ,rticle-: /.0.5 allows remote EXPLOIT-DB attac$ers to e4ecute arbitrary 'QL commands via (link is external) FULLDISC the username #arameter to registerC. gnome ** vala The Dst.Ma#%nfo function in !ala 0.12.0 and 2015-01-27 7.5 CVE-2014-8154 MISC (link is 0.22.. uses an incorrect buffer length declaration external) for the Dstreamer bindings, which allows SUSE conte4t*de#endent attac$ers to cause a denial of service (crash) or #ossibly e4ecute arbitrary code via uns#ecified vectors, which trigger a hea#* based buffer overflow. gnu ** glibc Hea#*based buffer overflow in the 2015-01-28 10.0 CVE-2015-0235 MISC (link is ++nss+hostname+digits+dots function in glibc external) 1.2, and other 1.x versions before 1.15, allows BUGTRAQ conte4t*de#endent attac$ers to e4ecute BUGTRAQ arbitrary code via vectors related to the (.) gethostbyname or (1) gethostbyname1 function, a$a EDH8'T." google ** chrome '$ia, as used in Doogle hrome before 2015-01-27 7.5 CVE-2015-1360 CONFIRM 30.0.11.3.9., allows remote attac$ers to cause a CONFIRM (link denial of service (buffer over*read) or #ossibly is external) have uns#ecified other im#act via crafted data CONFIRM (link is external) that is im#roperly handled during te4t drawing, related to g#uCDrAitma#Te4t onte4t.c## and g#uCDrDistance-ieldTe4t onte4t.c##, a different vulnerability than !"*10.<*.10<. ibm ** i+access Auffer overflow in the Data Transfer Program in 2015-01-28 7.2 CVE-2014-8920 XF (link is %AM i ,ccess <660*9". <:3, 2.., and 6.1 on external) 7indows allows local users to gain #rivileges via uns#ecified vectors. ?as#er+#ro?ect ** ?as#er Off*by-one error in the ?#c+dec+#rocess+sot 2015-01-26 7.5 CVE-2014-8157 CONFIRM (link function in ;asPer ..>00.1 and earlier allows is external) remote attac$ers to cause a denial of service REDHAT (link (crash) or #ossibly e4ecute arbitrary code via a is external) crafted ;P"D 1000 image, which triggers a hea#* based buffer overflow. mantisbt ** mantisbt MantisAT before ..1.1> and ../.x before ..3.0* 2015-01-26 7.5 CVE-2014-9572 beta.2 does not #roperly restrict access to CONFIRM MISC (link is CFCinstall.ph#, which allows remote attac$ers to external) obtain database credentials via the install XF (link is #arameter with the value 3. external) MLIST midgard-#roject ** The default &*Aus access control rule in 2015-01-26 7.2 CVE-2014-8148 MLIST (link is midgard2 Midgard2 .0.0<.7.1 allows local users to send external) arbitrary method calls or signals to any #rocess SUSE on the system bus and #ossibly e4ecute arbitrary code with root #rivileges. #h# ** #h# =se*after*free vulnerability in the 2015-01-27 7.5 CVE-2015-0231 CONFIRM (link #rocess+nested_data function in is external) e4tCstandard/var+unserializer.re in PHP before CONFIRM (link <.4.36, <.5.x before <.5.2., and <.6.x before <.2.5 is external) allows remote attac$ers to e4ecute arbitrary code via a crafted unserialize call that leverages im#roper handling of du#licate numerical $eys within the serialized #roperties of an ob?ect. NOT": this vulnerability e4ists because of an incom#lete fi4 for !"*10.3*5.31. #i4abay_images+#roject #i4abay-images.ph# in the Pi4abay %mages 2015-01-28 7.5 CVE-2015-1375 CONFIRM ** #i4abay_images #lugin before 1.3 for 7ordPress does not BUGTRAQ #ro#erly restrict access to the u#load (link is external) functionality, which allows remote attac$ers to OSVDB MLIST (link is write to arbitrary files. external) EXPLOIT-DB (link is external) FULLDISC MISC (link is external) #olarssl ** #olarssl The asn.+get+seBuence+of function in 2015-01-27 7.5 CVE-2015-1182 SECUNIA (link library/asn.#arse.c in Polar''L ..0 through is external) ..2.11 and ..3.x through ..3.9 does not #roperly SECUNIA (link initialize a #ointer in the asn.+seBuence lin$ed is external) list, which allows remote attac$ers to cause a denial of service (crash) or #ossibly e4ecute arbitrary code via a crafted ,'N.1 seBuence in a certificate. schneider*electric ** The 'chneider "lectric ETD/000 -actoryCast HM% 2015-01-27 7.8 CVE-2014-9197 ts4etg/000 Dateway with firmware before ..60 %: 03 stores rde.jar under the web root with insufficient access control, which allows remote attac$ers to obtain sensitive setu# and configuration information via a direct reBuest. schneider*electric ** The -TP server on the 'chneider Electric 2015-01-27 10.0 CVE-2014-9198 ts4etg/000 ETD/000 -actoryCast HM% Dateway with firmware through ..60 %: 03 has hardcoded credentials, which ma$es it easier for remote attac$ers to obtain access via an -TP session. seBuelize+#ro?ect ** 'QL in?ection vulnerability in 'eBuelize before 2015-01-27 7.5 CVE-2015-1369 CONFIRM (link seBuelize 1.0.0*rc6 for Node.js allows remote attac$ers to is external) e4ecute arbitrary '@L commands via the order CONFIRM (link #arameter. is external) MLIST (link is external) two_#ilots ** e4if+#ilot Auffer overflow in the ustomize /<mm tab in 2015-01-27 7.5 CVE-2015-1362 EXPLOIT-DB Two Pilots "4if Pilot 3.6.2 allows remote (link is external) attac$ers to e4ecute arbitrary code via a long MISC (link is string in the ma$er element in an 9ML file. external) Medium Severity Vulnerabilities The Primary Description Date Published CVSS The CVE Vendor --- Product Score Identity ansible ** tower Multi#le cross*site scri#ting (9'') vulnerabilities in 2015-01-27 4.3 CVE-2015-1368 MISC (link is ,nsible Tower (a$a ,nsible =%) before 1.0.5 allow external) remote attac$ers to in?ect arbitrary web scri#t or XF (link is HTML via the (.) order+by #arameter to external) BID (link is credentialsC, (1) inventoriesC, (/) #rojectsC, or (3) external) usersC/C#ermissionsC in a#iCv1C or the (<) ne4t+run BUGTRAQ #arameter to a#iCv1CschedulesC.