eci final

VMware Releases Security Advisory

Thu, 01 Oct 2015 23:06:20 +0000

Original release date: October 01, 2015

VMware has released security updates to address security vulnerabilities in vCenter and ESXi. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0007 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for OS X El Capitan, Safari, and iOS

Thu, 01 Oct 2015 01:32:15 +0000

Original release date: September 30, 2015

Apple has released security updates for OS X El Capitan, Safari, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow an attacker to run arbitrary code.

Available updates include:

OS X El Capitan 10.11 for Mac OS X v10.6.8 and later
Safari 9 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
iOS 9.0.2 for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates for OS X El Capitan, Safari, and iOS and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

SB15-271: Vulnerability Summary for the Week of September 21, 2015

Mon, 28 Sep 2015 10:46:16 +0000

Original release date: September 28, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
3s-smart -- codesys_gateway_server	Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.47 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.	2015-09-18	7.5	CVE-2015-6460 MISC MISC MISC
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5579.	2015-09-22	10.0	CVE-2015-5567 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.	2015-09-22	10.0	CVE-2015-5568 CONFIRM
adobe -- air	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682.	2015-09-22	10.0	CVE-2015-5570 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."	2015-09-22	10.0	CVE-2015-5573 CONFIRM
adobe -- air	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682.	2015-09-22	10.0	CVE-2015-5574 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.	2015-09-22	10.0	CVE-2015-5575 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.	2015-09-22	10.0	CVE-2015-5577 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.	2015-09-22	10.0	CVE-2015-5578 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5567.	2015-09-22	10.0	CVE-2015-5579 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.	2015-09-22	10.0	CVE-2015-5580 CONFIRM
adobe -- air	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5584, and CVE-2015-6682.	2015-09-22	10.0	CVE-2015-5581 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5588, and CVE-2015-6677.	2015-09-22	10.0	CVE-2015-5582 CONFIRM
adobe -- air	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-6682.	2015-09-22	10.0	CVE-2015-5584 CONFIRM
adobe -- air	Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors.	2015-09-22	10.0	CVE-2015-5587 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-6677.	2015-09-22	10.0	CVE-2015-5588 CONFIRM
adobe -- air	Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6678.	2015-09-22	10.0	CVE-2015-6676 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-5588.	2015-09-22	10.0	CVE-2015-6677 CONFIRM
adobe -- air	Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676.	2015-09-22	10.0	CVE-2015-6678 CONFIRM
adobe -- air	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584.	2015-09-22	10.0	CVE-2015-6682 CONFIRM
apple -- mac_os_x_server	Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document.	2015-09-18	10.0	CVE-2015-5911 CONFIRM APPLE
avira -- management_console	Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.	2015-09-21	10.0	CVE-2015-7303 MISC
boxoft -- boxoft_wav_to_mp3_converter	Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.	2015-09-18	7.5	CVE-2015-7243 EXPLOIT-DB MISC
cisco -- prime_collaboration_assurance	The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.	2015-09-19	9.0	CVE-2015-4304 CISCO
cisco -- prime_collaboration_assurance	The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.	2015-09-19	8.5	CVE-2015-4306 CISCO
cisco -- prime_collaboration_provisioning	The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.	2015-09-19	9.0	CVE-2015-4307 CISCO
cisco -- telepresence_server_software	Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.	2015-09-20	7.8	CVE-2015-6284 CISCO
cisco -- prime_network_registrar	Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825.	2015-09-18	7.2	CVE-2015-6296 CISCO
ge -- mds_pulsenet	GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password.	2015-09-18	9.0	CVE-2015-6456 MISC MISC CONFIRM
ge -- mds_pulsenet	Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.	2015-09-18	10.0	CVE-2015-6459 MISC MISC CONFIRM
mozilla -- firefox	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	2015-09-24	7.5	CVE-2015-4500 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
mozilla -- firefox	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	2015-09-24	7.5	CVE-2015-4501 CONFIRM CONFIRM CONFIRM
mozilla -- firefox	Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.	2015-09-24	7.5	CVE-2015-4509 CONFIRM CONFIRM
mozilla -- firefox	Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs.	2015-09-24	9.3	CVE-2015-4516 CONFIRM CONFIRM
mozilla -- firefox	NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.	2015-09-24	7.5	CVE-2015-4517 CONFIRM CONFIRM
mozilla -- firefox	The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.	2015-09-24	7.5	CVE-2015-4521 CONFIRM CONFIRM
mozilla -- firefox	The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."	2015-09-24	7.5	CVE-2015-4522 CONFIRM CONFIRM
mozilla -- firefox	The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."	2015-09-24	7.5	CVE-2015-7174 CONFIRM CONFIRM
mozilla -- firefox	The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."	2015-09-24	7.5	CVE-2015-7175 CONFIRM CONFIRM
mozilla -- firefox	The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.	2015-09-24	7.5	CVE-2015-7176 CONFIRM CONFIRM
mozilla -- firefox	The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.	2015-09-24	7.5	CVE-2015-7177 CONFIRM CONFIRM
mozilla -- firefox	The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.	2015-09-24	7.5	CVE-2015-7178 CONFIRM CONFIRM
mozilla -- firefox	The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.	2015-09-24	7.5	CVE-2015-7179 CONFIRM CONFIRM
mozilla -- firefox	The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.	2015-09-24	7.5	CVE-2015-7180 CONFIRM CONFIRM
philippine_long_distance_telephone -- kasda_kw58293_firmware	Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service (device outage) via a long ipaddr parameter.	2015-09-21	7.8	CVE-2015-5993 CERT-VN
sap -- netweaver_j2ee_engine	SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	2015-09-18	7.5	CVE-2015-7239 MISC
securifi -- almond-2015_firmware	Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet.	2015-09-21	7.3	CVE-2015-2915 CERT-VN
sqlite -- sqlite	Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.	2015-09-18	10.0	CVE-2015-5895 CONFIRM APPLE
symantec -- web_gateway	The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."	2015-09-20	8.5	CVE-2015-5690 MISC CONFIRM BID
symantec -- web_gateway	admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file.	2015-09-20	7.9	CVE-2015-5692 MISC CONFIRM BID
symantec -- web_gateway	The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."	2015-09-20	7.9	CVE-2015-5693 MISC CONFIRM BID
symantec -- web_gateway	The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors.	2015-09-20	8.3	CVE-2015-6547 CONFIRM BID
vboxcomm -- satellite_express_protocol	The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.	2015-09-21	7.2	CVE-2015-6923 MISC EXPLOIT-DB BUGTRAQ FULLDISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333.	2015-09-22	4.3	CVE-2015-5571 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.	2015-09-22	5.0	CVE-2015-5572 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.	2015-09-22	5.0	CVE-2015-5576 CONFIRM
adobe -- air	Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.	2015-09-22	5.0	CVE-2015-6679 CONFIRM
apple -- iphone_os	The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.	2015-09-18	6.9	CVE-2014-8611 FREEBSD CONFIRM CONFIRM APPLE
apple -- iphone_os	The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.	2015-09-18	5.0	CVE-2015-3801 CONFIRM APPLE
apple -- xcode	IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.	2015-09-18	5.0	CVE-2015-5909 APPLE CONFIRM
apple -- itunes	The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.	2015-09-18	4.3	CVE-2015-5920 CONFIRM APPLE
atlassian -- hipchat	The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."	2015-09-21	6.5	CVE-2015-5603 CONFIRM BUGTRAQ MISC
bolt -- bolt	The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.	2015-09-22	6.5	CVE-2015-7309 CONFIRM EXPLOIT-DB MISC FULLDISC MISC MISC
cisco -- prime_collaboration_assurance	The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656.	2015-09-19	4.0	CVE-2015-4305 CISCO CISCO
cisco -- ios	Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.	2015-09-18	6.1	CVE-2015-6294 CISCO
cisco -- nx-os	Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560.	2015-09-20	4.8	CVE-2015-6295 CISCO
cisco -- ios_xr	The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.	2015-09-18	5.0	CVE-2015-6297 CISCO
cisco -- unity_connection	SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.	2015-09-20	6.5	CVE-2015-6299 CISCO
cisco -- secure_access_control_server	Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.	2015-09-20	4.0	CVE-2015-6300 CISCO
cisco -- asr_9001	The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171.	2015-09-20	5.0	CVE-2015-6301 CISCO
cisco -- spark	The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844.	2015-09-24	4.3	CVE-2015-6303 CISCO
cisco -- telepresence_server_software	Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.	2015-09-24	6.8	CVE-2015-6304 CISCO
dena -- h20	Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.	2015-09-20	4.3	CVE-2015-5638 CONFIRM JVNDB JVN
drupaldise -- cms_updater	The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission.	2015-09-21	4.9	CVE-2015-7306 MISC CONFIRM
drupaldise -- cms_updater	Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page.	2015-09-21	4.3	CVE-2015-7307 MISC CONFIRM
f5 -- big-ip_advanced_firewall_manager	The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet.	2015-09-18	5.0	CVE-2015-4638 CONFIRM SECTRACK
ipython -- notebook	Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.	2015-09-21	4.3	CVE-2015-6938 CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST FEDORA FEDORA
joomla -- joomla!	Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-09-18	4.3	CVE-2015-6939 SECTRACK CONFIRM
mcafee -- mcafee_agent	Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.	2015-09-18	5.0	CVE-2015-7237 CONFIRM SECTRACK
mcafee -- enterprise_security_manager	McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.	2015-09-22	6.5	CVE-2015-7310 CONFIRM
mozilla -- firefox	Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute.	2015-09-24	4.3	CVE-2015-4476 CONFIRM CONFIRM
mozilla -- firefox	js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site.	2015-09-24	4.3	CVE-2015-4502 CONFIRM CONFIRM CONFIRM
mozilla -- firefox	The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.	2015-09-24	5.0	CVE-2015-4503 CONFIRM CONFIRM
mozilla -- firefox	The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.	2015-09-24	6.4	CVE-2015-4504 CONFIRM CONFIRM
mozilla -- firefox	updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.	2015-09-24	6.6	CVE-2015-4505 CONFIRM CONFIRM
mozilla -- firefox	Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.	2015-09-24	6.8	CVE-2015-4506 CONFIRM CONFIRM
mozilla -- firefox	The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site.	2015-09-24	5.1	CVE-2015-4507 CONFIRM CONFIRM
mozilla -- firefox	Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.	2015-09-24	6.8	CVE-2015-4510 CONFIRM CONFIRM
mozilla -- firefox	Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.	2015-09-24	6.8	CVE-2015-4511 CONFIRM CONFIRM
mozilla -- firefox	gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering.	2015-09-24	6.4	CVE-2015-4512 CONFIRM CONFIRM
mozilla -- firefox	Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.	2015-09-24	4.3	CVE-2015-4519 CONFIRM CONFIRM
mozilla -- firefox	Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.	2015-09-24	6.4	CVE-2015-4520 CONFIRM CONFIRM CONFIRM
mozilla -- firefox	Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls.	2015-09-24	4.3	CVE-2015-7327 CONFIRM CONFIRM CONFIRM MISC
newphoria_corporation -- applican	The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors.	2015-09-20	6.8	CVE-2015-5632 JVNDB JVN CONFIRM
newphoria_corporation -- auction_camera	The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.	2015-09-20	6.8	CVE-2015-5633 JVNDB JVN CONFIRM
newphoria_corporation -- megaphone_music	The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.	2015-09-20	6.8	CVE-2015-5634 JVNDB JVN CONFIRM
newphoria_corporation -- koritore	The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.	2015-09-20	6.8	CVE-2015-5635 JVNDB JVN CONFIRM
newphoria_corporation -- reversi	The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.	2015-09-20	6.8	CVE-2015-5636 JVNDB JVN CONFIRM
newphoria_corporation -- 1.1	The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.	2015-09-20	6.8	CVE-2015-5637 JVNDB JVN CONFIRM
ows -- scald	The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."	2015-09-21	5.0	CVE-2015-7305 MISC CONFIRM
pentaho -- business_analytics	The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote attackers to obtain passwords and other sensitive information via a file name in the resource parameter.	2015-09-22	5.0	CVE-2015-6940 CONFIRM BUGTRAQ MISC
philippine_long_distance_telephone -- kasda_kw58293_firmware	Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perform setup operations, as demonstrated by modifying network settings.	2015-09-21	6.8	CVE-2015-5991 CERT-VN
philippine_long_distance_telephone -- kasda_kw58293_firmware	Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter.	2015-09-21	4.3	CVE-2015-5992 CERT-VN
redhat -- openshift	rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.	2015-09-18	6.5	CVE-2015-5274 REDHAT
retrospect -- retrospect	Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.	2015-09-21	5.0	CVE-2015-2864 CERT-VN CONFIRM MISC
schneider_electric -- struxureware_building_expert_mpm	Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network.	2015-09-18	5.0	CVE-2015-3962 MISC CONFIRM
securifi -- almond-2015_firmware	Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296.	2015-09-21	5.0	CVE-2015-2914 CERT-VN
securifi -- almond-2015_firmware	Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.	2015-09-21	6.8	CVE-2015-2916 CERT-VN
securifi -- almond-2015_firmware	Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element.	2015-09-21	4.3	CVE-2015-2917 CERT-VN
securifi -- almond-2015_firmware	Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914.	2015-09-21	4.3	CVE-2015-7296 CERT-VN
sumome -- google_analyticator	Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.	2015-09-21	4.3	CVE-2015-6238 CONFIRM MISC MISC
symantec -- endpoint_protection	Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory.	2015-09-20	4.4	CVE-2014-9227 CONFIRM BID
symantec -- endpoint_protection	sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition.	2015-09-20	4.9	CVE-2014-9228 CONFIRM BID
symantec -- endpoint_protection	Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.	2015-09-20	6.5	CVE-2014-9229 CONFIRM BID
symantec -- deployment_solution	ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.	2015-09-20	6.8	CVE-2015-5689 MISC CONFIRM BID
symantec -- web_gateway	Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php.	2015-09-20	4.3	CVE-2015-5691 MISC CONFIRM BID
symantec -- web_gateway	Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	2015-09-20	5.8	CVE-2015-6548 CONFIRM BID
vmware -- vcenter_server	VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2015-09-18	5.8	CVE-2015-6932 CONFIRM
xiph -- vorbis-tools	Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.	2015-09-21	4.3	CVE-2015-6749 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST FEDORA FEDORA

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apple -- iphone_os	CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.	2015-09-18	2.1	CVE-2015-5898 CONFIRM APPLE
apple -- xcode	IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.	2015-09-18	3.3	CVE-2015-5910 APPLE CONFIRM
drupaljedi -- amocrm	Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data.	2015-09-21	2.6	CVE-2015-7304 MISC CONFIRM
mcafee -- threat_intelligence_exchange	The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files.	2015-09-18	2.1	CVE-2015-7238 CONFIRM
mozilla -- firefox	Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site.	2015-09-24	2.6	CVE-2015-4508 CONFIRM CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Update for Chrome

Sat, 26 Sep 2015 01:36:49 +0000

Original release date: September 25, 2015

Google has released Chrome version 45.0.2454.101 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information from an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Semiannual Security Advisory Bundle

Thu, 24 Sep 2015 19:33:04 +0000

Original release date: September 24, 2015

Cisco has released its semiannual IOS and IOS XE Software Security Advisory bundle to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to bypass user authentication or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox

Wed, 23 Sep 2015 00:05:26 +0000

Original release date: September 22, 2015

The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

Firefox 41
Firefox ESR 38.3

US-CERT encourages users and administrators to review the Security Advisories for Firefox and Firefox ESR and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates for Flash Player

Mon, 21 Sep 2015 16:22:12 +0000

Original release date: September 21, 2015

Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, ChromeOS, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-23 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

SB15-264: Vulnerability Summary for the Week of September 14, 2015

Mon, 21 Sep 2015 10:23:18 +0000

Original release date: September 21, 2015

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
advantech -- webaccess	Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.	2015-09-11	10.0	CVE-2014-9208 MISC
apple -- iphone_os	IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.	2015-09-18	7.2	CVE-2015-5843 CONFIRM APPLE
apple -- iphone_os	IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846.	2015-09-18	9.3	CVE-2015-5844 CONFIRM APPLE
apple -- iphone_os	IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846.	2015-09-18	9.3	CVE-2015-5845 CONFIRM APPLE
apple -- iphone_os	IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845.	2015-09-18	9.3	CVE-2015-5846 CONFIRM APPLE
apple -- iphone_os	The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.	2015-09-18	7.2	CVE-2015-5847 CONFIRM APPLE
apple -- iphone_os	IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.	2015-09-18	7.2	CVE-2015-5848 CONFIRM APPLE
apple -- iphone_os	IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2015-09-18	9.3	CVE-2015-5867 CONFIRM APPLE
apple -- iphone_os	The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.	2015-09-18	7.2	CVE-2015-5868 CONFIRM APPLE
apple -- itunes	CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.	2015-09-18	7.5	CVE-2015-5874 APPLE CONFIRM CONFIRM APPLE
apple -- iphone_os	dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2015-09-18	9.3	CVE-2015-5876 CONFIRM APPLE
apple -- iphone_os	The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.	2015-09-18	7.2	CVE-2015-5882 CONFIRM APPLE
apple -- iphone_os	The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.	2015-09-18	7.2	CVE-2015-5896 CONFIRM APPLE
apple -- iphone_os	libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.	2015-09-18	7.2	CVE-2015-5899 CONFIRM APPLE
apple -- iphone_os	The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.	2015-09-18	10.0	CVE-2015-5903 CONFIRM APPLE
asus -- tm-1900	Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values.	2015-09-15	9.3	CVE-2015-6949 MISC
borland -- accurev	Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the the activate_doit function or (3) licfile parameter to the service_startup_doit functionality.	2015-09-15	9.3	CVE-2015-6946 MISC MISC MISC
checkmarx -- cxsast	Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission.	2015-09-16	9.0	CVE-2014-8778 BUGTRAQ FULLDISC MISC
ciphercoin -- wp_limit_login_attempts	Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.	2015-09-16	7.5	CVE-2015-6829 MISC CONFIRM CONFIRM MLIST MLIST
ibm -- websphere_portal	IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.	2015-09-14	7.8	CVE-2015-1943 CONFIRM AIXAPAR
ibm -- http_server	Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors.	2015-09-15	9.0	CVE-2015-4947 CONFIRM AIXAPAR AIXAPAR
ibs_mappro_project -- ibs_mappro	Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.	2015-09-15	7.8	CVE-2015-5472 MISC CONFIRM MISC
impero -- impero_education_pro	Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data.	2015-09-14	7.8	CVE-2015-5997 CERT-VN
impero -- impero_education_pro	Impero Education Pro before 5105 relies on the -1\|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command.	2015-09-14	10.0	CVE-2015-5998 CERT-VN
mindbite -- sitefactory_cms	Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.	2015-09-11	7.8	CVE-2015-6914 MISC
montala -- resourcespace	SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.	2015-09-11	7.5	CVE-2015-6915 MISC
moxa -- eds-405a_firmware	The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin.	2015-09-11	8.5	CVE-2015-6464 MISC CONFIRM
mozilla -- bugzilla	Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address.	2015-09-13	7.5	CVE-2015-4499 BUGTRAQ BUGTRAQ CONFIRM
sis -- windows_vga_display_manager	Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call.	2015-09-16	7.2	CVE-2015-5465 MISC EXPLOIT-DB BUGTRAQ FULLDISC MISC
sma_solar_technology_ag -- webbox_firmware	SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors.	2015-09-11	10.0	CVE-2015-3964 MISC
synology -- video_station	SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.	2015-09-11	7.5	CVE-2015-6910 CONFIRM CONFIRM MISC BUGTRAQ FULLDISC MISC
synology -- video_station	SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.	2015-09-11	7.5	CVE-2015-6911 CONFIRM MISC BUGTRAQ FULLDISC MISC
synology -- video_station	Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.	2015-09-11	10.0	CVE-2015-6912 CONFIRM MISC BUGTRAQ FULLDISC MISC
teiko -- farol	SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.	2015-09-17	7.5	CVE-2015-6962 EXPLOIT-DB
unit4 -- teta_web	Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."	2015-09-16	7.5	CVE-2015-1173 FULLDISC MISC
yahoo -- messenger	Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.	2015-09-11	9.3	CVE-2014-7216 MISC MISC BUGTRAQ MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
administration_views_project -- administration_views	The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler.	2015-09-17	5.0	CVE-2015-7226 MISC CONFIRM CONFIRM
apple -- iphone_os	The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.	2015-09-18	4.3	CVE-2015-5764 CONFIRM APPLE
apple -- iphone_os	The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.	2015-09-18	4.3	CVE-2015-5765 CONFIRM APPLE
apple -- iphone_os	The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.	2015-09-18	4.3	CVE-2015-5767 CONFIRM APPLE
apple -- iphone_os	The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.	2015-09-18	4.3	CVE-2015-5788 CONFIRM APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5789 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5790 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5791 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5792 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5793 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5794 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5795 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5796 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5797 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5798 CONFIRM APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5799 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5800 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5801 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5802 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5803 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5804 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5805 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5806 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5807 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5808 CONFIRM APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5809 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5810 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5811 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5812 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5813 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5814 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5815 CONFIRM APPLE
apple -- itunes	WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5816 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5817 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5818 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5819 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.	2015-09-18	4.3	CVE-2015-5820 CONFIRM APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5821 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5822 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.	2015-09-18	6.8	CVE-2015-5823 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2015-09-18	4.3	CVE-2015-5824 CONFIRM APPLE
apple -- iphone_os	WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.	2015-09-18	4.3	CVE-2015-5825 CONFIRM APPLE
apple -- iphone_os	WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.	2015-09-18	4.3	CVE-2015-5826 CONFIRM APPLE
apple -- iphone_os	WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.	2015-09-18	5.0	CVE-2015-5827 CONFIRM APPLE
apple -- iphone_os	Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file.	2015-09-18	6.8	CVE-2015-5829 CONFIRM APPLE
apple -- iphone_os	NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.	2015-09-18	5.0	CVE-2015-5831 CONFIRM APPLE
apple -- iphone_os	IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.	2015-09-18	4.3	CVE-2015-5834 CONFIRM APPLE
apple -- iphone_os	Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.	2015-09-18	4.3	CVE-2015-5835 CONFIRM APPLE
apple -- iphone_os	PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.	2015-09-18	4.3	CVE-2015-5837 CONFIRM APPLE
apple -- iphone_os	SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.	2015-09-18	4.3	CVE-2015-5838 CONFIRM APPLE
apple -- iphone_os	dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.	2015-09-18	5.0	CVE-2015-5839 CONFIRM APPLE
apple -- iphone_os	The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.	2015-09-18	5.0	CVE-2015-5840 CONFIRM APPLE
apple -- iphone_os	The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.	2015-09-18	5.0	CVE-2015-5841 CONFIRM APPLE
apple -- iphone_os	Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app.	2015-09-18	4.3	CVE-2015-5855 CONFIRM APPLE
apple -- iphone_os	The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.	2015-09-18	4.3	CVE-2015-5856 CONFIRM APPLE
apple -- iphone_os	Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.	2015-09-18	5.0	CVE-2015-5857 CONFIRM APPLE
apple -- iphone_os	The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.	2015-09-18	5.0	CVE-2015-5858 CONFIRM APPLE
apple -- iphone_os	The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.	2015-09-18	5.0	CVE-2015-5860 CONFIRM APPLE
apple -- iphone_os	The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.	2015-09-18	4.3	CVE-2015-5862 CONFIRM APPLE
apple -- iphone_os	XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.	2015-09-18	5.0	CVE-2015-5879 CONFIRM APPLE
apple -- iphone_os	CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app.	2015-09-18	4.3	CVE-2015-5880 CONFIRM APPLE
apple -- iphone_os	The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.	2015-09-18	5.0	CVE-2015-5885 CONFIRM APPLE
apple -- iphone_os	Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.	2015-09-18	4.3	CVE-2015-5904 CONFIRM APPLE
apple -- iphone_os	Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.	2015-09-18	5.0	CVE-2015-5905 CONFIRM APPLE
apple -- iphone_os	The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character.	2015-09-18	5.0	CVE-2015-5906 CONFIRM APPLE
apple -- iphone_os	The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.	2015-09-18	5.0	CVE-2015-5912 CONFIRM APPLE
apple -- iphone_os	The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.	2015-09-18	4.3	CVE-2015-5916 CONFIRM APPLE
apple -- iphone_os	WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.	2015-09-18	4.3	CVE-2015-5921 CONFIRM APPLE
auto-exchanger -- auto-exchanger	Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php.	2015-09-11	6.8	CVE-2015-6827 EXPLOIT-DB
canon -- pixma_mg7500_series_inkjet_printer	Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators.	2015-09-11	6.8	CVE-2015-5631 CONFIRM JVNDB JVN
cisco -- email_security_appliance	Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.	2015-09-13	6.4	CVE-2015-6285 CISCO
cisco -- application_visibility_and_control	Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016.	2015-09-13	5.7	CVE-2015-6286 CISCO
cisco -- web_security_virtual_appliance	Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.	2015-09-13	5.0	CVE-2015-6287 CISCO
cisco -- content_security_management_appliance	Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620.	2015-09-13	5.0	CVE-2015-6288 CISCO
cisco -- web_security_virtual_appliance	Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.	2015-09-13	4.3	CVE-2015-6290 CISCO
corel -- wordperfect	Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document.	2015-09-15	6.8	CVE-2015-6948 MISC
creative-solutions -- contact_form_generator	Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php.	2015-09-16	6.8	CVE-2015-6965 EXPLOIT-DB MISC MISC
freetype -- freetype	The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.	2015-09-14	5.0	CVE-2014-9745 CONFIRM CONFIRM UBUNTU CONFIRM CONFIRM
googlesearch_project -- googlesearch	Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php.	2015-09-11	4.3	CVE-2015-6919 MISC
hp -- arcsight_logger	HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.	2015-09-16	4.0	CVE-2015-2136 HP
hp -- loadrunner	Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.	2015-09-15	4.6	CVE-2015-5426 HP
hp -- universal_configuration_management_database	HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.	2015-09-16	4.9	CVE-2015-5440 HP
ibm -- websphere_mq	IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.	2015-09-13	5.0	CVE-2015-2013 CONFIRM AIXAPAR
ibm -- websphere_commerce	Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors.	2015-09-14	4.0	CVE-2015-4980 CONFIRM AIXAPAR
igniterealtime -- openfire	Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp.	2015-09-16	4.3	CVE-2015-6972 EXPLOIT-DB MISC MISC
igniterealtime -- openfire	Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server setting or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp.	2015-09-16	6.8	CVE-2015-6973 EXPLOIT-DB BUGTRAQ MISC
jsp/mysql_administrador_web_project -- jsp/mysql_administrador_web	Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp.	2015-09-15	6.8	CVE-2015-6944 BUGTRAQ MISC MISC
jsp/mysql_administrador_web_project -- jsp/mysql_administrador_web	Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp.	2015-09-15	4.3	CVE-2015-6945 BUGTRAQ MISC MISC
moxa -- eds-405a_firmware	The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL.	2015-09-11	6.8	CVE-2015-6465 MISC CONFIRM
moxa -- eds-405a_firmware	Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.	2015-09-11	4.3	CVE-2015-6466 MISC CONFIRM
nibbleblog -- nibbleblog	Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php.	2015-09-16	6.8	CVE-2015-6966 CONFIRM FULLDISC MISC
nibbleblog -- nibbleblog	Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.	2015-09-16	6.5	CVE-2015-6967 FULLDISC MISC CONFIRM MISC
nokia -- @vantage_commander	Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to cftraces/filter/fl_copy.jsp; the (3) flName parameter to cftraces/filter/fl_crea1.jsp; the (4) serchStatus, (5) refreshTime, or (6) serchNode parameter to cftraces/process/pr_show_process.jsp; the (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, or (11) serchSessionkind parameter to cftraces/session/se_crea.jsp; the (12) serchSessionDescription parameter to cftraces/session/se_show.jsp; the (13) serchApplication or (14) serchApplicationkind parameter to cftraces/session/tr_crea_filter.jsp; the (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, or (26) component parameter to cftraces/session/tr_create_tagg_para.jsp; or the (27) userid parameter to home/certificate_association.jsp.	2015-09-16	4.3	CVE-2015-6929 MISC FULLDISC MISC
ntt-bp -- japan_connected-free_wi-fi	The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism via unspecified vectors.	2015-09-11	6.8	CVE-2015-5629 MISC MISC JVNDB JVN
ntt-bp -- japan_connected-free_wi-fi	Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID.	2015-09-11	4.3	CVE-2015-5630 MISC MISC JVNDB JVN
openldap -- openldap	The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.	2015-09-11	5.0	CVE-2015-6908 CONFIRM CONFIRM
phpmyadmin -- phpmyadmin	libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.	2015-09-13	5.0	CVE-2015-6830 CONFIRM CONFIRM
qlik -- qlikview	XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.	2015-09-16	6.4	CVE-2015-3623 EXPLOIT-DB BUGTRAQ MISC
s9y -- serendipity	SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.	2015-09-15	6.0	CVE-2015-6943 NVD CONFIRM FULLDISC MISC MISC
s9y -- serendipity	Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.	2015-09-16	6.5	CVE-2015-6968 FULLDISC CONFIRM MISC MISC
s9y -- serendipity	Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.	2015-09-16	4.3	CVE-2015-6969 FULLDISC CONFIRM MISC MISC
securemoz -- securemoz_security_audit	The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information.	2015-09-16	6.8	CVE-2015-6828 MISC MLIST MLIST
siemens -- ruggedcom_rugged_operating_system	Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.	2015-09-11	4.3	CVE-2015-6675 MISC CONFIRM
sourceafrica_project -- sourceafrica	Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.	2015-09-11	4.3	CVE-2015-6920 MISC MISC
sprymedia -- datatables	Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.	2015-09-11	4.3	CVE-2015-6584 MISC BUGTRAQ
structured_dynamics -- open_semantic_framework	Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors.	2015-09-17	5.1	CVE-2015-7233 MISC CONFIRM
structured_dynamics -- open_semantic_framework	The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors.	2015-09-17	4.0	CVE-2015-7234 MISC CONFIRM CONFIRM
synology -- download_station	Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file.	2015-09-11	4.3	CVE-2015-6909 CONFIRM CONFIRM MISC BUGTRAQ FULLDISC MISC
synology -- download_station	Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi.	2015-09-11	4.3	CVE-2015-6913 CONFIRM MISC BUGTRAQ FULLDISC MISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apple -- iphone_os	The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors.	2015-09-18	2.1	CVE-2015-5832 CONFIRM APPLE
apple -- iphone_os	XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.	2015-09-18	2.1	CVE-2015-5842 CONFIRM APPLE
apple -- iphone_os	AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.	2015-09-18	2.1	CVE-2015-5850 CONFIRM APPLE
apple -- iphone_os	The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.	2015-09-18	2.1	CVE-2015-5851 CONFIRM APPLE
apple -- iphone_os	SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.	2015-09-18	2.1	CVE-2015-5861 CONFIRM APPLE
apple -- iphone_os	IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.	2015-09-18	2.1	CVE-2015-5863 CONFIRM APPLE
apple -- iphone_os	The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.	2015-09-18	3.3	CVE-2015-5869 CONFIRM MLIST APPLE
apple -- iphone_os	Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.	2015-09-18	2.1	CVE-2015-5892 CONFIRM APPLE
apple -- iphone_os	WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.	2015-09-18	2.6	CVE-2015-5907 CONFIRM APPLE
structured_dynamics -- open_semantic_framework	Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-09-17	2.6	CVE-2015-7232 MISC CONFIRM
typo3 -- typo3	The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.	2015-09-16	3.5	CVE-2015-5956 CONFIRM BUGTRAQ
zendesk -- zendesk_feedback_tab	Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors.	2015-09-11	2.6	CVE-2015-6921 MISC CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Update

Thu, 17 Sep 2015 10:47:41 +0000

Original release date: September 17, 2015

VMware has released a security update to address a Lightweight Directory Access Protocol (LDAP) certificate validation vulnerability in vCenter Server. Exploitation of this vulnerability may allow an attacker to obtain sensitive information.

Available updates include:

VMware vCenter Server version 6.0 update 1
VMware vCenter Server version 5.5 update 3

Users and administrators are encouraged to review VMware security advisory VSMA-2015-0006 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates

Thu, 17 Sep 2015 10:38:19 +0000

Original release date: September 17, 2015

Cisco has released updates to address vulnerabilities in Prime Collaboration Assurance, Prime Collaboration Provisioning, and TelePresence Server software. Exploitation of these vulnerabilities could allow a remote attacker to escalate privileges, obtain sensitive information, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco advisories cisco-sa-20150916-pca, cisco-sa-20150916-pcp, cisco-sa-20150916-tps and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for OS X Server, iTunes, Xcode, and iOS

Thu, 17 Sep 2015 00:53:35 +0000

Original release date: September 16, 2015

Apple has released security updates for OS X Server, iTunes, Xcode, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

OS X Server v5.0.3 for OS X Yosemite v10.10.4 or later
iTunes 12.3 for Windows 7 and later
Xcode 7.0 for OS X Yosemite v10.10.4 or later
iOS 9 for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates for OS X Server, iTunes, Xcode, and iOS and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Internet Systems Consortium (ISC) Releases Security Updates for BIND

Wed, 16 Sep 2015 17:44:44 +0000

Original release date: September 16, 2015

ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

BIND 9 version 9.9.8
BIND 9 version 9.10.3
BIND 9 version 9.9.8-S1

Users and administrators are encouraged to review ISC Knowledge Base Articles AA-01305, AA-01306, and AA-01307 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

ST15-001: IRS and US-CERT Caution Users: Prepare for Heightened Phishing Risk This Tax Season

Fri, 30 Jan 2015 05:00:00 +0000

Original release date: January 30, 2015

Overview

Throughout the year, scam artists pose as legitimate entities—such as the Internal Revenue Service (IRS), other government agencies, and financial institutions—in an attempt to defraud taxpayers. They employ sophisticated phishing campaigns to lure users to malicious sites or entice them to activate malware in infected email attachments. To protect sensitive data, credentials, and payment information, US-CERT and the IRS recommend taxpayers prepare for heightened risk this tax season and remain vigilant year-round.

Remain alert

Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. In many successful incidents, recipients are fooled into believing the phishing communication is from someone they trust. An actor may take advantage of knowledge gained from research and earlier attempts to masquerade as a legitimate source, including the look and feel of authentic communications. These targeted messages can trick any user into taking action that may compromise enterprise security.

Spot common elements of the phishing lifecycle

A Lure: enticing email content.
- Example 1 of actual phishing email
- Example 2 of actual phishing email
A Hook: an email-based exploit.
- Email with embedded malicious content that is executed as a side effect of opening the email
- Email with malicious attachments that are activated as a side effect of opening an attachment
- Email with “clickable” URLs: the body of the email includes a link, which displays as a recognized, legitimate website, though the actual URL redirects the user to malicious content
A Catch: a transaction conducted by an actor following a successful attempt.
- Unexplainable charges
- Unexplainable password changes

Understand how the IRS communicates electronically with taxpayers

The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.
This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
The official website of the IRS is www.irs.gov.

Take action to avoid becoming a victim

If you believe you might have revealed sensitive information about your organization or access credentials, report it to the appropriate contacts within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

Watch for any unexplainable charges to your financial accounts. If you believe your accounts may be compromised, contact your financial institution immediately and close those accounts.

If you believe you might have revealed sensitive account information, immediately change the passwords you might have revealed. If you used the same password for multiple accounts, make sure to change the password for each account and do not use that password in the future.

Report suspicious phishing communications

Email: If you read an email claiming to be from the IRS, do not reply or click on attachments and/or links. Forward the email as-is to phishing@irs.gov, then delete the original email.
Website: If you find a website that claims to be the IRS and suspect it is fraudulent, send the URL of the suspicious site to phishing@irs.gov with subject line, “Suspicious website”.
Text Message: If you receive a suspicious text message, do not reply or click on attachments and/or links. Forward the text as-is to 202-552-1226 (standard text rates apply), and then delete the original message (if you clicked on links in SMS and entered confidential information, visit the IRS’ identity protection page).

If you are a victim of any of the above scams involving IRS impersonation, please report to phishing@irs.gov, file a report with the Treasury Inspector General for Tax Administration (TIGTA), the Federal Trade Commission (FTC), and the police.

Additional Resources

For more information on phishing, other suspicious IRS-related communications including phone or fax scams, or additional guidance released by Treasury/IRS and DHS/US-CERT, visit:

To report a cybersecurity incident, vulnerability, or phishing attempt, visit US-CERT.gov/report.

Author: US-CERT and IRS

This product is provided subject to this Notification and this Privacy & Use policy.

ST14-001: Sochi 2014 Olympic Games

Tue, 04 Feb 2014 15:20:38 +0000

Original release date: February 04, 2014 | Last revised: March 10, 2014

Overview

Whether traveling to Sochi, Russia for the XXII Olympic Winter Games, or viewing the games from locations abroad, there are several cyber-related risks to consider. As with many international level media events, hacktivists may attempt to take advantage of the large audience to spread their own message. Additionally, cyber criminals may use the games as a lure in spam, phishing or drive-by-download campaigns to gain personally identifiable information or harvest credentials for financial gain. Lastly, those physically attending the games should be cognizant that their communications will likely be monitored.

Hacktivists

A number of hacktivist campaigns may attach themselves to the upcoming Olympics simply to take advantage of the on-looking audience. For example, the hacktivist group, Anonymous Caucasus, has launched what appears to be a threat against any company that finances or supports the winter games. This group states the Sochi games infrastructure was built on the graves of 1 million innocent Caucasians who were murdered by the Russians in 1864. According to Trusted Third Party analysis, the group has been linked to distributed denial of service (DDoS) attacks on Russian banks in October 2013. Therefore, the group is likely capable of waging similar attacks on the websites of organizations they believe financed Olympic related activities; however, no specific threat or target has been identified at the time of this report.

Olympic coverage

Whether viewing live coverage, event replays, or checking medal statistics online, it’s important to visit only trusted websites. Events which gain significant public interest and media coverage are often used as lures for spam or spearphishing campaigns. Malicious actors may also create fake websites and domains that appear to be official Olympic news or coverage that can be used to deliver malware to an end user upon visiting the site (also known as drive-by downloads or wateringholes).

NBCUniversal offers exclusive coverage of the games for viewers via NBC, NBCSN, MSNBC, USA Network, NBCOlympics.com and corresponding Twitter, Facebook and Instagram accounts. Viewers should be wary of any other source claiming to provide live coverage. As always, it is best to visit trusted resources directly rather than clicking on emailed links or opening attachments.

Purchasing tickets or merchandise at the Games

According to the official Winter Olympics website: http://www.sochi2014.com, Visa will be the only card accepted for all purchases including tickets and merchandise at the Games. Tickets may only be purchased through Authorized Ticket Resellers (ATR). Individuals can validate the authenticity of an ATR offering tickets by using the “Website Checker” tool available on the official Sochi website. The designated ATR in the United States is CoSport, and at the time of this report, individuals purchasing tickets through CoSport may only pick up their tickets at CoSport’s Host City Collection Center in Sochi, Russia. Any ticket offer from a site not recognized as an ATR or accepting payment methods outside of VISA are likely fraudulent and should be met with skepticism.

Traveling to Sochi

When traveling abroad it’s important to know your host countries laws and policies, particularly when it comes to privacy. Russia has a national system of lawful interception of all electronic communications. The System of Operative-Investigative Measures, or SORM, legally allows the Russian FSB to monitor, intercept, and block any communication sent electronically (i.e. cell phone or landline calls, internet traffic, etc.). SORM-1 captures telephone and mobile phone communications, SORM-2 intercepts internet traffic, and SORM-3 collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations. Reports of Rostelecom, Russia’s national telecom operator, installing deep packet inspection (DPI ) means authorities can easily use key words to search and filter communications. Therefore, it is important that attendees understand communications while at the Games should not be considered private.

Russia also retains broad inbound encryption license requirements. Taking laptops and other devices into the country is unrestricted; however software may be inspected upon departure. This means, any computer or software containing sensitive or encrypted data may be confiscated by Russian authorities when individuals depart from the country . Travelers may want to consider leaving personal electronic devices (e.g. laptops, smartphones, tablets) at home or alternatively bring loaner devices that do not already store sensitive data on them and can be wiped upon return to your home country. If individuals decide to bring their personal devices, consider all communications and files on them to be vulnerable to interception or confiscation.

References

Author: NCCIC Watch & Warning

This product is provided subject to this Notification and this Privacy & Use policy.

ST13-003: Handling Destructive Malware

Mon, 04 Nov 2013 17:58:25 +0000

Original release date: November 04, 2013

Overview

Destructive malware presents a direct threat to an organization’s daily operations, directly impacting the availability of critical assets and data. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event. This publication is focused on the threat of enterprise-scale distributed propagation methods for malware and provides recommended guidance and considerations for an organization to address as part of their network architecture, security baseline, continuous monitoring, and Incident Response practices.

While specific indicators and modules related to destructive malware may evolve over time, it is critical that an organization assess their capability to actively prepare for and respond to such an event.

Potential Distribution Vectors

Destructive malware has the capability to target a large scope of systems, and can potentially execute across multiple systems throughout a network. As a result, it is important for an organization to assess their environment for atypical channels for potential malware delivery and/or propagation throughout their systems. Systems to assess include:

Enterprise Applications – particularly those which have the capability to directly interface with and impact multiple hosts and endpoints. Common examples include
- Patch Management Systems,
- Asset Management Systems,
- Remote Assistance software (typically utilized by the corporate Help Desk),
- Anti-Virus,
- Systems assigned to system and network administrative personnel,
- Centralized Backup Servers, and
- Centralized File Shares.

While not applicable to malware specifically, threat actors could compromise additional resources to impact the availability of critical data and applications. Common examples include:

Centralized storage devices
- Potential Risk – direct access to partitions and data warehouses;
Network devices
- Potential Risk – capability to inject false routes within the routing table, delete specific routes from the routing table, or remove/modify configuration attributes - which could isolate or degrade availability of critical network resources.

Best Practices and Planning Strategies

Common strategies can be followed to strengthen an organization’s resilience against destructive malware. Targeted assessment and enforcement of best practices should be employed for enterprise components susceptible to destructive malware.

Communication Flow

Ensure proper network segmentation.
Ensure that network-based access-control lists (ACLs) are configured to permit server-to-host and host-to-host connectivity via the minimum scope of ports and protocols – and that directional flows for connectivity are represented appropriately.
- Communication flow paths should be fully defined, documented, and authorized.
Increase awareness of systems which can be utilized as a gateway to pivot (lateral movement) or directly connect to additional endpoints throughout the enterprise.
- Ensure that these systems are contained within restrictive VLANs, with additional segmentation and network access-controls.
Ensure that centralized network and storage devices’ management interfaces are resident on restrictive VLANs.
- Layered access-control, and
- Device-level access-control enforcement – restricting access from only pre-defined VLANs and trusted IP ranges.

Access Control

For Enterprise systems which can directly interface with multiple endpoints:
- Require two factor authentication for interactive logons.
- Ensure that authorized users are mapped to a specific subset of enterprise personnel.
  - If possible, the “Everyone” , “Domain Users” or the “Authenticated Users” groups should not be permitted the capability to directly access or authenticate to these systems.
- Ensure that unique domain accounts are utilized and documented for each Enterprise application service.
  - Context of permissions assigned to these accounts should be fully documented and configured based upon the concept of least privilege.
  - Provides an enterprise with the capability to track and monitor specific actions correlating to an application’s assigned service account.
- If possible, do not grant a service account with local or interactive logon permissions.
  - Service accounts should be explicitly denied permissions to access network shares and critical data locations.
- Accounts which are utilized to authenticate to centralized enterprise application servers or devices should not contain elevated permissions on downstream systems and resources throughout the enterprise.
Continuously review centralized file share access-control lists and assigned permissions.
- Restrict Write/Modify/Full Control permissions when possible.

Monitoring

Audit and review security logs for anomalous references to enterprise-level administrative (privileged) and service accounts.
- Failed logon attempts,
- File share access, and
- Interactive logons via a remote session.
Review network flow data for signs of anomalous activity.
- Connections utilizing ports which do not correlate to the standard communication flow associated with an application,
- Activity correlating to port scanning or enumeration, and
- Repeated connections utilizing ports which can be utilized for command and control purposes.
Ensure that network devices log and audit all configuration changes.
- Continually review network device configurations and rule sets, to ensure that communication flows are restricted to the authorized subset of rules.

File Distribution

When deploying patches or AV signatures throughout an enterprise, stage the distributions to include a specific grouping of systems (staggered over a pre-defined time period).
- This action can minimize the overall impact in the event that an enterprise patch management or AV system is leveraged as a distribution vector for a malicious payload.
Monitor and assess the integrity of patches and AV signatures which are distributed throughout the enterprise.
- Ensure updates are received only from trusted sources,
- Perform file and data integrity checks, and
- Monitor and audit – as related to the data that is distributed from an enterprise application.

System and Application Hardening

Ensure that the underlying Operating System (OS) and dependencies (ex: IIS, Apache, SQL) supporting an application are configured and hardened based upon industry-standard best practice recommendations. Implement application-level security controls based upon best practice guidance provided by the vendor. Common recommendations include:
- Utilize role-based access control,
- Prevent end-user capabilities to bypass application-level security controls,
  - Example – disabling Antivirus on a local workstation
- Disable un-necessary or un-utilized features or packages, and
- Implement robust application logging and auditing
Thoroughly test and implement vendor patches in a timely manner.

Recovery and Reconstitution Planning

A Business Impact Analysis (BIA) is a key component of contingency planning and preparation. The overall output of a BIA will provide an organization with two key components (as related to critical mission/business operations):

Characterization and classification of system components, and
Interdependencies.

Based upon the identification of an organization’s mission critical assets (and their associated interdependencies), in the event that an organization is impacted by a potentially destructive condition, recovery and reconstitution efforts should be considered.

To plan for this scenario, an organization should address the availability and accessibility for the following resources (and should include the scope of these items within Incident Response exercises and scenarios):

Comprehensive inventory of all mission critical systems and applications:
- Versioning information,
- System / application dependencies,
- System partitioning/ storage configuration and connectivity, and
- Asset Owners / Points of Contact.
Comprehensive inventory of all mission critical systems and applications:
- Versioning information,
- System / application dependencies,
- System partitioning/ storage configuration and connectivity, and
- Asset Owners / Points of Contact.
Contact information for all essential personnel within the organization,
Secure communications channel for recovery teams,
Contact information for external organizational-dependant resources:
- Communication Providers,
- Vendors (hardware / software), and
- Outreach partners / External Stakeholders
Service Contract Numbers - for engaging vendor support,
Organizational Procurement Points of Contact,
ISO / image files for baseline restoration of critical systems and applications:
- Operating System installation media,
- Service Packs / Patches,
- Firmware, and
- Application software installation packages.
Licensing/activation keys for Operating Systems (OS) and dependant applications,
Enterprise Network Topology and Architecture diagrams,
System and application documentation,
Hard copies of operational checklists and playbooks,
System and application configuration backup files,
Data backup files (full/differential),
System and application security baseline and hardening checklists/guidelines, and
System and application integrity test and acceptance checklists.

Containment

In the event that an organization observes a large-scale outbreak that may be reflective of a destructive malware attack, in accordance with Incident Response best practices, the immediate focus should be to contain the outbreak, and reduce the scope of additional systems which could be further impacted.

Strategies for containment include:

Determining a vector common to all systems experiencing anomalous behavior (or having been rendered unavailable) – from which a malicious payload could have been delivered:
- Centralized Enterprise Application,
- Centralized File Share (for which the identified systems were mapped or had access),
- Privileged User Account common to the identified systems,
- Network Segment or Boundary, and
- Common DNS Server for name resolution.
Based upon the determination of a likely distribution vector, additional mitigation controls can be enforced to further minimize impact:
- Implement network-based access-control lists to deny the identified application(s) the capability to directly communicate with additional systems,
  - Provides an immediate capability to isolate and sandbox specific systems or resources
- Implement null network routes for specific IP addresses (or IP ranges) – from which the payload may be distributed,
  - An organization’s internal DNS can also be leveraged for this task – as a null pointer record could be added within a DNS zone for an identified server or application
- Readily disable access for suspected user or service account(s), and
- For suspect file shares (which may be hosting the infection vector), remove access or disable the share path from being accessed by additional systems.

As related to incident response and incident handling, organizations are reminded to:

Report the incident to US-CERT and/or ICS-CERT for tracking and correlation purposes, and
Preserve forensic data for use in internal investigation of the incident or for possible law enforcement purposes.

Author: ICS-CERT and US-CERT

This product is provided subject to this Notification and this Privacy & Use policy.

13-002: International Mobile Safety Tips

Tue, 29 Oct 2013 17:32:47 +0000

Original release date: October 29, 2013 | Last revised: November 04, 2013

October 29, 2013 marks the 4th Annual Asia Pacific Economic Cooperation Cyber Security Awareness Day. To recognize this occasion and in observance of the 10th year of National Cyber Security Awareness Month in the United States, US-CERT, along with its international partners from Asia and Europe, is promoting a set of International Mobile Safety Tips that were developed by the National Cyber Security Alliance, InfollutionZero, the Cyber Security Awareness Alliance in Singapore, and the iZ HERO Project.

The goal of the campaign is to use harmonized messaging to reach out to children, families, and schools across the world, and to provide them with core principles and simple tips that can help people of all ages enjoy safer and more secure use of digital devices and the Internet.

US-CERT encourages users and administrators to view the International Mobile Safety Tips at the following link and share them with their respective communities.

http://stopthinkconnect.org/campaigns/details/?id=442

The guidelines below provide core principles and recommendations for more secure use of digital devices and the Internet.

Keep software updated. Running the most recent versions of your mobile operating system, security software, apps and Web browsers is among the best defenses against malware, viruses and other online threats.
Keep your device secure by using a strong password to lock your smartphone or tablet.
Enable two-step authentication when offered, and change passwords to any accounts you accessed while connected to an unfamiliar network.
Before downloading an application (app), make sure you understand what information (i.e., location, your contacts, social networking profiles, etc.) the app would access and share before you download it. Download apps from trusted sources.
Back up your contacts, photos, videos and other mobile device data with another device or cloud service on a weekly basis.
When using a public or unsecured wireless connection, avoid using sites and apps that require personal information like log-ins.
Automatically connecting to networks can create vulnerabilities exploitable by hackers and others. Switch off your Wi-Fi and Bluetooth connections when not in use.
Delete any online communications (i.e., texts, emails, social media posts) that look suspicious, even if you think you know the source.
When banking or shopping online, use only trusted apps or websites that begin with https://.
The Golden Rule. Be respectful on your device. Treat others as you would like to be treated when texting, calling or using social networks.
Share with care. Be a true friend when taking and sharing photos and videos with your smartphone. Get permission from friends before you share them via text or social networks.
Be Web wise. Stay informed of the latest updates to your device and apps. Know what to do if something goes wrong.

References

International Mobile Safety Tips - Stop Think Connect

Author: US-CERT

This product is provided subject to this Notification and this Privacy & Use policy.

ST04-017: Protecting Portable Devices: Physical Security

Mon, 19 Dec 2011 18:01:34 +0000

Original release date: December 19, 2011 | Last revised: February 06, 2013

Many computer users, especially those who travel for business, rely on laptops and personal internet-enabled devices like smartphones and tablets because they are small and easily transported. But while these characteristics make them popular and convenient, they also make them an ideal target for thieves. Make sure to secure your mobile devices to protect both the machine and the information they contain.

What is at risk?

Only you can determine what is actually at risk. If a thief steals your laptop or mobile device, the most obvious loss is the machine itself. However, if the thief is able to access the information on the computer or mobile device, all of the information stored on the device is at risk, as well as any additional information that could be accessed as a result of the data stored on the device itself.

Sensitive corporate information or customer account information should not be accessed by unauthorized people. You've probably heard news stories about organizations panicking because laptops with confidential information on them have been lost or stolen. But even if there isn't any sensitive corporate information on your laptop or mobile device, think of the other information at risk: information about appointments, passwords, email addresses and other contact information, personal information for online accounts, etc.

How can you protect your laptop or internet-enabled device?

Password-protect your computer - Make sure that you have to enter a password to log in to your computer or mobile device (see Choosing and Protecting Passwords for more information).
Keep your valuables with you at all times - When traveling, keep your device with you. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary—these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
Downplay your laptop or mobile device - There is no need to advertise to thieves that you have a laptop or mobile device. Avoid using your device in public areas, and consider non-traditional bags for carrying your laptop.
Be aware of your surroundings - If you do use your laptop or mobile device in a public area, pay attention to people around you. Take precautions to shield yourself from "shoulder surfers"—make sure that no one can see you type your passwords or see any sensitive information on your screen.
Consider an alarm or lock - Many companies sell alarms or locks that you can use to protect or secure your laptop. If you travel often or will be in a heavily populated area, you may want to consider investing in an alarm for your laptop bag or a lock to secure your laptop to a piece of furniture.
Back up your files - If your mobile device is stolen, it's bad enough that someone else may be able to access your information. To avoid losing all of the information, make backups of important information and store the backups in a separate location (see Good Security Habits for more information). Not only will you still be able to access the information, but you'll be able to identify and report exactly what information is at risk.

What can you do if your laptop or mobile device is lost or stolen?

Report the loss or theft to the appropriate authorities. These parties may include representatives from law enforcement agencies, as well as hotel or conference staff. If your device contained sensitive corporate or customer account information, immediately report the loss or theft to your organization so that they can act quickly.

Author: Mindi McDowell

This product is provided subject to this Notification and this Privacy & Use policy.

ST11-001: Holiday Traveling with Personal Internet-Enabled Devices

Mon, 19 Dec 2011 17:42:27 +0000

Original release date: December 19, 2011 | Last revised: February 06, 2013

The internet is at our fingertips with the widespread use of internet-enabled devices such as smart phones and tablets. When traveling and shopping anytime, and especially during the holidays, consider the wireless network you are using when you complete transactions on your device.

Know the risks

Your smart phone, tablet, or other device is a full-fledged computer. It is susceptible to risks inherent in online transactions. When shopping, banking, or sharing personal information online, take the same precautions with your smart phone or other device that you do with your personal computer — and then some. The mobile nature of these devices means that you should also take precautions for the physical security of your device (see Protecting Portable Devices: Physical Security for more information) and consider the way you are accessing the internet.

Do not use public Wi-Fi networks

Avoid using open Wi-Fi networks to conduct personal business, bank, or shop online. Open Wi-Fi networks at places such as airports, coffee shops, and other public locations present an opportunity for attackers to intercept sensitive information that you would provide to complete an online transaction.

If you simply must check your bank balance or make an online purchase while you are traveling, turn off your device's Wi-Fi connection and use your mobile device's cellular data internet connection instead of making the transaction over an unsecure Wi-Fi network.

Turn off Bluetooth when not in use

Bluetooth-enabled accessories can be helpful, such as earpieces for hands-free talking and external keyboards for ease of typing. When these devices are not in use, turn off the Bluetooth setting on your phone. Cyber criminals have the capability to pair with your phone's open Bluetooth connection when you are not using it and steal personal information.

Be cautious when charging

Avoid connecting your mobile device to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library. Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways that a user may not anticipate. As a result, a malicious computer could gain access to your sensitive data or install new software. Don't Fall Victim to Phishing Scams If you are in the shopping mode, an email that appears to be from a legitimate retailer might be difficult to resist. If the deal looks too good to be true, or the link in the email or attachment to the text seems suspicious, do not click on it!

What to do if your accounts are compromised

If you notice that one of your online accounts has been hacked, call the bank, store, or credit card company that owns your account. Reporting fraud in a timely manner helps minimize the impact and lessens your personal liability. You should also change your account passwords for any online services associated with your mobile device using a different computer that you control. If you are the victim of identity theft, additional information is available from http://www.idtheft.gov/.

For even more information about keeping your devices safe, read Cybersecurity for Electronic Devices.

References

For even more information about keeping your devices safe, read Cybersecurity for Electronic Devices.

Author: Amanda Parente

This product is provided subject to this Notification and this Privacy & Use policy.

ST05-017: Cybersecurity for Electronic Devices

Mon, 19 Dec 2011 17:27:06 +0000

Original release date: December 19, 2011 | Last revised: February 06, 2013

When you think about cybersecurity, remember that electronics such as smartphones and other internet-enabled devices may also be vulnerable to attack. Take appropriate precautions to limit your risk.

Why does cybersecurity extend beyond computers?

Actually, the issue is not that cybersecurity extends beyond computers; it is that computers extend beyond traditional laptops and desktops. Many electronic devices are computers—from cell phones and tablets to video games and car navigation systems. While computers provide increased features and functionality, they also introduce new risks. Attackers may be able to take advantage of these technological advancements to target devices previously considered "safe." For example, an attacker may be able to infect your cell phone with a virus, steal your phone or wireless service, or access the data on your device. Not only do these activities have implications for your personal information, but they could also have serious consequences if you store corporate information on the device.

What types of electronics are vulnerable?

Any piece of electronic equipment that uses some kind of computerized component is vulnerable to software imperfections and vulnerabilities. The risks increase if the device is connected to the internet or a network that an attacker may be able to access. Remember that a wireless connection also introduces these risks (see Securing Wireless Networks for more information). The outside connection provides a way for an attacker to send information to or extract information from your device.

How can you protect yourself?

Remember physical security - Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or easily accessible areas (see Protecting Portable Devices: Physical Security for more information).
Keep software up to date - If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities (see Understanding Patches for more information).
Use good passwords - Choose devices that allow you to protect your information with passwords. Select passwords that will be difficult for thieves to guess, and use different passwords for different programs and devices (see Choosing and Protecting Passwords for more information). Do not choose options that allow your computer to remember your passwords.
Disable remote connectivity - Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers. You should disable these features when they are not in use (see Understanding Bluetooth Technology for more information).
Encrypt files - If you are storing personal or corporate information, see if your device offers the option to encrypt the files. By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.

Authors: Mindi McDowell and Matt Lytle

This product is provided subject to this Notification and this Privacy & Use policy.

ST06-001: Understanding Hidden Threats: Rootkits and Botnets

Thu, 25 Aug 2011 02:41:31 +0000

Original release date: August 24, 2011 | Last revised: February 06, 2013

Attackers are continually finding new ways to access computer systems. The use of hidden methods such as rootkits and botnets has increased, and you may be a victim without even realizing it.

What are rootkits and botnets?

A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage of a vulnerability on your computer or has convinced you to download it (see Avoiding Social Engineering and Phishing Attacks for more information). Rootkits are not necessarily malicious, but they may hide malicious activities. Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.

Botnet is a term derived from the idea of bot networks. In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks (see Understanding Denial-of-Service Attacks for more information).

Why are they considered threats?

The main problem with both rootkits and botnets is that they are hidden. Although botnets are not hidden the same way rootkits are, they may be undetected unless you are specifically looking for certain activity. If a rootkit has been installed, you may not be aware that your computer has been compromised, and traditional anti-virus software may not be able to detect the malicious programs. Attackers are also creating more sophisticated programs that update themselves so that they are even harder to detect.

Attackers can use rootkits and botnets to access and modify personal information, attack other computers, and commit other crimes, all while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information entered in online forms.

What can you do to protect yourself?

If you practice good security habits, you may reduce the risk that your computer will be compromised:

Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date. Some anti-virus vendors also offer anti-rootkit software.
Install a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send (see Understanding Firewalls for more information). Some operating systems actually include a firewall, but you need to make sure it is enabled.
Use good passwords - Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices (see Choosing and Protecting Passwords for more information). Do not choose options that allow your computer to remember your passwords.
Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
Follow good security practices - Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection (see other US-CERT security tips for more information).

Unfortunately, if there is a rootkit on your computer or an attacker is using your computer in a botnet, you may not know it. Even if you do discover that you are a victim, it is difficult for the average user to effectively recover. The attacker may have modified files on your computer, so simply removing the malicious files may not solve the problem, and you may not be able to safely trust a prior version of a file. If you believe that you are a victim, consider contacting a trained system administrator.

As an alternative, some vendors are developing products and tools that may remove a rootkit from your computer. If the software cannot locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. Also, the infection may be located at such a deep level that it cannot be removed by simply reinstalling or restoring the operating system.

Author: Mindi McDowell

This product is provided subject to this Notification and this Privacy & Use policy.

ST04-024: Understanding ISPs

Wed, 06 Jul 2011 14:10:11 +0000

Original release date: July 06, 2011 | Last revised: February 06, 2013

ISPs offer services like email and internet access. In addition to availability, you may want to consider other factors so that you find an ISP that supports all of your needs.

What is an ISP?

An ISP, or internet service provider, is a company that provides its customers access to the internet and other web services. In addition to maintaining a direct line to the internet, the company usually maintains web servers. By supplying necessary software, a password-protected user account, and a way to connect to the internet (e.g., modem), ISPs offer their customers the capability to browse the web and exchange email with other people. Some ISPs also offer additional services. With the development of smart phones, many cell phone providers are also ISPs.

ISPs can vary in size—some are operated by one individual, while others are large corporations. They may also vary in scope—some only support users in a particular city, while others have regional or national capabilities.

What services do ISPs provide?

Almost all ISPs offer email and web browsing capabilities. They also offer varying degrees of user support, usually in the form of an email address or customer support hotline. Most ISPs also offer web hosting capabilities, allowing users to create and maintain personal web pages; and some may even offer the service of developing the pages for you. Some ISPs bundle internet service with other services, such as television and telephone service. Many ISPs offer a wireless modem as part of their service so that customers can use devices equipped with Wi-Fi.

As part of normal operation, most ISPs perform backups of email and web files. If the ability to recover email and web files is important to you, check with your ISP to see if they back up the data; it might not be advertised as a service. Additionally, most ISPs implement firewalls to block some portion of incoming traffic, although you should consider this a supplement to your own security precautions, not a replacement (see Understanding Firewalls for more information).

How do you choose an ISP?

Traditional, broadband ISPs typically offer internet access through cable, DSL, or fiberoptic options. The availability of these options may depend where you live. In addition to the type of access, there are other factors that you may want to consider:

security - Do you feel that the ISP is concerned about security? Does it use encryption and SSL (see Protecting Your Privacy for more information) to protect any information you submit (e.g., user name, password)? If the ISP provides a wireless modem, what wireless security standards does it support, and are those standards compatible with your existing devices?
privacy - Does the ISP have a published privacy policy? Are you comfortable with who has access to your information and how it is being handled and used?
services - Does your ISP offer the services you want? Do they meet your requirements? Is there adequate support for the services? If the ISP provides a wireless modem, are its wireless standards compatible with your existing devices?
cost - Are the ISP's costs affordable? Are they reasonable for the number of services you receive, as well as the level of those services? Are you sacrificing quality and security to get the lowest price?
reliability - Are the services your ISP provides reliable, or are they frequently unavailable due to maintenance, security problems, a high volume of users, or other reasons? If the ISP knows that services will be unavailable for a particular reason, does it adequately communicate that information?
user support - Are there published methods for contacting customer support? Do you receive prompt and friendly service? Do their hours of availability accommodate your needs? Do the consultants have the appropriate level of knowledge?
speed - How fast is your ISP's connection? Is it sufficient for accessing your email or navigating the internet?
recommendations - Have you heard or seen positive reviews about the ISP? Were they from trusted sources? Does the ISP serve your geographic area? If you've uncovered negative points, are they factors you are concerned about?

Author: Mindi McDowell

This product is provided subject to this Notification and this Privacy & Use policy.

ST06-005: Dealing with Cyberbullies

Wed, 01 Jun 2011 16:26:45 +0000

Original release date: June 01, 2011 | Last revised: February 06, 2013

Bullies are taking advantage of technology to intimidate and harass their victims. Dealing with cyberbullying can be difficult, but there are steps you can take.

What is cyberbullying?

Cyberbullying refers to practice of using technology to harass, or bully, someone else. Bullies used to be restricted to methods such as physical intimidation, postal mail, or the telephone. Now, developments in electronic media offer forums such as email, instant messaging, web pages, and digital photos to add to the arsenal. Computers, cell phones, and PDAs are current tools that are being used to conduct an old practice.

Forms of cyberbullying can range in severity from cruel or embarrassing rumors to threats, harassment, or stalking. It can affect any age group; however, teenagers and young adults are common victims, and cyberbullying is a growing problem in schools.

Why has cyberbullying become such a problem?

The relative anonymity of the internet is appealing for bullies because it enhances the intimidation and makes tracing the activity more difficult. Some bullies also find it easier to be more vicious because there is no personal contact. Unfortunately, the internet and email can also increase the visibility of the activity. Information or pictures posted online or forwarded in mass emails can reach a larger audience faster than more traditional methods, causing more damage to the victims. And because of the amount of personal information available online, bullies may be able to arbitrarily choose their victims.

Cyberbullying may also indicate a tendency toward more serious behavior. While bullying has always been an unfortunate reality, most bullies grow out of it. Cyberbullying has not existed long enough to have solid research, but there is evidence that it may be an early warning for more violent behavior.

How can you protect yourself or your children?

Teach your children good online habits - Explain the risks of technology, and teach children how to be responsible online (see Keeping Children Safe Online for more information). Reduce their risk of becoming cyberbullies by setting guidelines for and monitoring their use of the internet and other electronic media (cell phones, PDAs, etc.).
Keep lines of communication open - Regularly talk to your children about their online activities so that they feel comfortable telling you if they are being victimized.
Watch for warning signs - If you notice changes in your child's behavior, try to identify the cause as soon as possible. If cyberbullying is involved, acting early can limit the damage.
Limit availability of personal information - Limiting the number of people who have access to contact information or details about interests, habits, or employment reduces exposure to bullies that you or your child do not know. This may limit the risk of becoming a victim and may make it easier to identify the bully if you or your child are victimized.
Avoid escalating the situation - Responding with hostility is likely to provoke a bully and escalate the situation. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. Other options include subtle actions. For example, you may be able to block the messages on social networking sites or stop unwanted emails by changing the email address. If you continue to get messages at the new email address, you may have a stronger case for legal action.
Document the activity - Keep a record of any online activity (emails, web pages, instant messages, etc.), including relevant dates and times. In addition to archiving an electronic version, consider printing a copy.
Report cyberbullying to the appropriate authorities - If you or your child are being harassed or threatened, report the activity. Many schools have instituted bullying programs, so school officials may have established policies for dealing with activity that involves students. If necessary, contact your local law enforcement. Law enforcement agencies have different policies, but your local police department or FBI branch are good starting points. Unfortunately, there is a distinction between free speech and punishable offenses, but the legal implications should be decided by the law enforcement officials and the prosecutors.

Additional information

The following organizations offer additional information about this topic:

National Crime Prevention Council - http://www.ncpc.org/cyberbullying
StopBullying.gov - http://www.stopbullying.gov/

Author: Mindi McDowell

This product is provided subject to this Notification and this Privacy & Use policy.