VARIoT IoT vulnerabilities database

IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. IniNet Solutions GmbH is a Swiss company whose product eWebServer is a third-party web-based server software. IniNet Solutions embeddedWebServer has a plain text preservation vulnerability that could be exploited by an attacker to elevate privileges. IniNet Solutions eWebServer is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information such as passwords that may aid in launching further attacks

The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. The Cisco FireSIGHT Management Center centrally manages the network security and operational features of Cisco ASA with FirePOWER Services and Cisco FirePOWER appliances. Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCuw12839

The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D20 allows remote attackers to cause a denial of service (CPU consumption) via unspecified SSH traffic. Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Networks Junos OS prior to 12.1X44-D50, 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, 12.3 prior to 12.3R10, 12.3X48 prior to 12.3X48-D10, 13.2 13.2 before R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3, 15.1 before 15.1R1, 15.1X49- Version 15.1X49 before D20

The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet. Juniper Netscreen and ScreenOS Firewall with ScreenOS is a NetScreen series firewall running the ScreenOS operating system from Juniper Networks

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Networks Junos OS prior to 12.1X44-D50, 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, 12.3 prior to 12.3R9, 12.3X48 prior to 12.3X48-D15, 13.2 Version 13.2 before R7, Version 13.2X51 before 13.2X51-D35, Version 13.3 before 13.3R6, Version 14.1 before 14.1R5, Version 14.1X50 before 14.1X50-D105, Version 14.1X51 before 14.1X51-D70, Version 14.1 before 14.1X53-D25 X53 version, 14.1X55 version before 14.1X55-D20, 14.2 version before 14.2R1, 15.1 version before 15.1F2, 15.1X49 version before 15.1X49-D10

The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS.". Juniper Networks vSRX virtual is a firewall simulator product of Juniper Networks (Juniper Networks)

Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet. Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Note: The issue does not affect Junos OS 13.2 and prior. The former is a chipset product. The latter is a network operating system dedicated to the company's hardware systems. A security vulnerability exists in Juniper Networks Trio Chipset (Trinity). The following products are affected: MX-Series, EX 9200, TXP and T-4000 Trio Chipset (Trinity) using the T-4000 Trio Chipset (Trinity)

Communication network for mobile terminals Long Term Evolution (LTE) Has spread around the world in recent years. these LTE All communication networks IP It uses a packet-switched system instead of the circuit-switched system as before. This change in method allows for attacks that were not possible in the past. LTE At present, some networks and mobile application implementations have multiple issues that can lead to privacy violations, unauthorized charges, and spoofing. Current LTE The communication network uses packet switching instead of the previous generation circuit switching. Packet switching and IP Protocols, especially Session Initiation Protocol (SIP) The use of allows new types of attack techniques that were not possible with previous generations. These attack techniques are well known in the security world. For example, Voice over IP (VoIP) See past attacks against. Several LTE As a result of security researchers investigating communication networks, the following vulnerabilities were discovered. LTE Communication network implementations vary from carrier to carrier, and all of these vulnerabilities are LTE Note that it does not exist on the network. Improper access rights to sensitive information (CW-732) Android OS The permission model of LTE It does not match the usage of the communication network. CALL_PHONE Even without permissions, INTERNET If you only have permissions, SIP/IP You can make a call by sending a packet, and you will not be notified. Such calls are made continuously, resulting in excessive billing and denial of service. (DoS) Could lead to CWE-732: Incorrect Permission Assignment for Critical Resource http://cwe.mitre.org/data/definitions/732.html Apple Is iOS Reports that it is not affected by this issue. Improper access control (CWE-284) In some networks, 2 Between two mobile phones ( peer to peer ) Establish a session directly with SIP Communication outside the control of the server is possible. These communications are not charged by the provider. Such communications could be used for spoofing phone numbers or for video calls over free data. CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html Insufficient certification (CWE-287) In some networks, SIP The message is not properly authenticated. This can lead to spoofing of phone numbers. CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html Session fixation (CWE-384) In some networks, 1 Voice communication per user 1 Not limited to sessions SIP It is possible to establish a session. As a result, service operation interruption to the communication network (DoS) Attack is possible. It can also be used by attackers to establish peer-to-peer communication. CWE-384: Session Fixation http://cwe.mitre.org/data/definitions/384.html Each provider's communication network LTE The implementation of may be affected by one or more of these issues. For more information, ACM CCS 2015 Announced at Kim Papers by the authors "Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-Implementations" Please refer to. ACM CCS 2015 http://www.sigsac.org/ccs/CCS2015/pro_paper.html Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-Implementations http://dl.acm.org/citation.cfm?id=2813718An attacker using the network could establish peer-to-peer communication to obtain data from other terminals or spoof a telephone number. Also, malicious Android Applications may make calls without the terminal user's knowledge. Authentication bypass vulnerability 2. Security bypass vulnerability 3. Session fixation vulnerability. Attackers can use these vulnerabilities to gain unauthorized access, bypass authentication mechanisms, inject arbitrary sessions, or gain access to sensitive information. Multiple security-bypass vulnerabilities 3

The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610. Vendors have confirmed this vulnerability Bug ID CSCuw10610 It is released as.Service disruption by a third party ( Disconnecting clients ) There is a possibility of being put into a state. Attackers can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuw10610. This product provides functions such as security policy and intrusion detection in wireless LAN. A remote attacker could exploit this vulnerability to cause a denial of service (client disconnection)

J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors. Juniper Junos is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to reboot the vSRX instance, denying service to legitimate users. Juniper Networks vSRX virtual is a firewall simulator product of Juniper Networks (Juniper Networks). J-Web is one of the network management tools

Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets. Juniper Junos OS is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause kernel panic, resulting in a a denial-of-service condition. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Networks Junos OS prior to 11.4R12-S4, 12.1X44 prior to 12.1X44-D41, 12.1X46 prior to 12.1X46-D26, 12.1X47 prior to 12.1X47-D11/D15, 12.2 prior to 12.2R9 , 12.2X50 version before 12.2X50-D70, 12.3 version before 12.3R8, 12.3X48 version before 12.3X48-D10, 12.3X50 version before 12.3X50-D42, 13.1 version before 13.1R4-S3, 13.1X49 version before 13.1X49-D42 , 13.1X50 version before 13.1X50-D30, 13.2 version before 13.2R6, 13.2X51 version before 13.2X51-D26, 13.2X52 version before 13.2X52-D15, 13.3 version before 13.3R3-S3, 14.1 version before 14.1R3, 14.2R1 Version 14.2 before, version 15.1 before 15.1R1, version 15.1X49 before 15.1X49-D10

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle TCP packet reassembly, which allows remote attackers to cause a denial of service (buffer consumption) via a crafted sequence of packets "destined to the device.". Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a high buffers consumption, resulting in a denial-of-service condition. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Networks Junos OS prior to 12.1X44-D50, 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, 12.3 prior to 12.3R10, 12.3X48 prior to 12.3X48-D15, 13.2 Version 13.2 before R8, version 13.3 before 13.3R7, version 14.1 before 14.1R5, version 14.2 before 14.2R1

Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647. This vulnerability CVE-2015-7647 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlUnspecified by attacker " Mixing of molds (type confusion)" May be used to execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.548" References ========== [ 1 ] CVE-2015-5569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5569 [ 2 ] CVE-2015-7625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7625 [ 3 ] CVE-2015-7626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7626 [ 4 ] CVE-2015-7627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7627 [ 5 ] CVE-2015-7628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7628 [ 6 ] CVE-2015-7629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7629 [ 7 ] CVE-2015-7630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7630 [ 8 ] CVE-2015-7631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7631 [ 9 ] CVE-2015-7632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7632 [ 10 ] CVE-2015-7633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7633 [ 11 ] CVE-2015-7634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7634 [ 12 ] CVE-2015-7643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7643 [ 13 ] CVE-2015-7644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7644 [ 14 ] CVE-2015-7645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7645 [ 15 ] CVE-2015-7646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7646 [ 16 ] CVE-2015-7647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7647 [ 17 ] CVE-2015-7648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7648 [ 18 ] CVE-2015-7651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7651 [ 19 ] CVE-2015-7652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7652 [ 20 ] CVE-2015-7653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7653 [ 21 ] CVE-2015-7654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7654 [ 22 ] CVE-2015-7655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7655 [ 23 ] CVE-2015-7656 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7656 [ 24 ] CVE-2015-7657 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7657 [ 25 ] CVE-2015-7658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7658 [ 26 ] CVE-2015-7659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7659 [ 27 ] CVE-2015-7660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7660 [ 28 ] CVE-2015-7661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7661 [ 29 ] CVE-2015-7662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7662 [ 30 ] CVE-2015-7663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7663 [ 31 ] CVE-2015-8042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8042 [ 32 ] CVE-2015-8043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8043 [ 33 ] CVE-2015-8044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8044 [ 34 ] CVE-2015-8046 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8046 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201511-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2015:1913-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1913.html Issue date: 2015-10-16 CVE Names: CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1271966 - CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 flash-plugin: multiple code execution issue fixed in APSB15-27 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.540-1.el6_7.i686.rpm x86_64: flash-plugin-11.2.202.540-1.el6_7.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.540-1.el6_7.i686.rpm x86_64: flash-plugin-11.2.202.540-1.el6_7.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.540-1.el6_7.i686.rpm x86_64: flash-plugin-11.2.202.540-1.el6_7.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7645 https://access.redhat.com/security/cve/CVE-2015-7647 https://access.redhat.com/security/cve/CVE-2015-7648 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-27.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWIW/NXlSAg2UNWIIRApqoAJoDDP+CRbgmKdj4oKw5jnkbbFEuiQCfQZ34 X58Rs0/PxDIcNbEglTImjS8= =0kyk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648. This vulnerability CVE-2015-7648 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlUnspecified by attacker " Mixing of molds (type confusion)" May be used to execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.548" References ========== [ 1 ] CVE-2015-5569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5569 [ 2 ] CVE-2015-7625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7625 [ 3 ] CVE-2015-7626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7626 [ 4 ] CVE-2015-7627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7627 [ 5 ] CVE-2015-7628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7628 [ 6 ] CVE-2015-7629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7629 [ 7 ] CVE-2015-7630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7630 [ 8 ] CVE-2015-7631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7631 [ 9 ] CVE-2015-7632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7632 [ 10 ] CVE-2015-7633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7633 [ 11 ] CVE-2015-7634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7634 [ 12 ] CVE-2015-7643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7643 [ 13 ] CVE-2015-7644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7644 [ 14 ] CVE-2015-7645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7645 [ 15 ] CVE-2015-7646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7646 [ 16 ] CVE-2015-7647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7647 [ 17 ] CVE-2015-7648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7648 [ 18 ] CVE-2015-7651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7651 [ 19 ] CVE-2015-7652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7652 [ 20 ] CVE-2015-7653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7653 [ 21 ] CVE-2015-7654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7654 [ 22 ] CVE-2015-7655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7655 [ 23 ] CVE-2015-7656 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7656 [ 24 ] CVE-2015-7657 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7657 [ 25 ] CVE-2015-7658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7658 [ 26 ] CVE-2015-7659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7659 [ 27 ] CVE-2015-7660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7660 [ 28 ] CVE-2015-7661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7661 [ 29 ] CVE-2015-7662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7662 [ 30 ] CVE-2015-7663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7663 [ 31 ] CVE-2015-8042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8042 [ 32 ] CVE-2015-8043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8043 [ 33 ] CVE-2015-8044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8044 [ 34 ] CVE-2015-8046 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8046 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201511-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2015:1913-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1913.html Issue date: 2015-10-16 CVE Names: CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1271966 - CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 flash-plugin: multiple code execution issue fixed in APSB15-27 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.540-1.el6_7.i686.rpm x86_64: flash-plugin-11.2.202.540-1.el6_7.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.540-1.el6_7.i686.rpm x86_64: flash-plugin-11.2.202.540-1.el6_7.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.540-1.el6_7.i686.rpm x86_64: flash-plugin-11.2.202.540-1.el6_7.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7645 https://access.redhat.com/security/cve/CVE-2015-7647 https://access.redhat.com/security/cve/CVE-2015-7648 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-27.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWIW/NXlSAg2UNWIIRApqoAJoDDP+CRbgmKdj4oKw5jnkbbFEuiQCfQZ34 X58Rs0/PxDIcNbEglTImjS8= =0kyk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document. plural Apple The product contains a vulnerability that could capture important information.It is possible for a third party to obtain important information through crafted documents. Multiple Apple Products are prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. This issue is fixed in: Keynote 6.6 Pages 5.6 Numbers 3.6 iWork for iOS 2.6. in the United States. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard) Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted document. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7033 : Felix Groebert of the Google Security Team Pages Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted Pages document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted Pages document. This issue was addressed through improved memory handling. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----

PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser. PNPSCADA Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. SDG Technologies Plug and Play SCADA fails to adequately filter user-submitted input, allowing remote attackers to exploit vulnerabilities to inject malicious scripts or HTML code to capture sensitive information or hijack user sessions when malicious data is viewed. SDG Technologies Plug and Play SCADA is a set of Web-based SCADA (Data Acquisition and Monitoring Control) and HMI software used by SDG Technologies of South Africa in the energy industry. A cross-site scripting vulnerability exists in the SDG Technologies Plug and Play SCADA, which is caused by the program's insufficient filtering of user-submitted input. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could lead to attackers stealing cookie-based authentication and launching other attacks

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. The CODESYS Runtime Toolkit is an embedded third-party software for a variety of industries. CODESYS Runtime Toolkit is prone to a remote denial-of-service vulnerability. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany

The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document. Apple Pages is prone to a remote memory-corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. Both Apple iWork for iOS and Apple Pages are products of Apple. The former is a set of office software developed for the iOS operating system. The latter is a suite of word processing and page layout applications (APP). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to compromise of user information Description: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. This issue was addressed through improved memory handling. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7034 : Felix Groebert of the Google Security Team Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may be obtained from the App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----

The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document. Multiple Apple Products are prone to a remote memory-corruption vulnerability. A remote attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. in the United States. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to compromise of user information Description: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. This issue was addressed through improved memory handling. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7034 : Felix Groebert of the Google Security Team Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may be obtained from the App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----

Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Nordex Control 2 is a web-based SCADA system for wind power plants. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Nordex Control 2 (NC2) SCADA 16 and prior versions are vulnerable