VARIoT IoT vulnerabilities database
| VAR-201506-0570 | No CVE | Authentication flaw in Zhejiang Dahua camera |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Zhejiang Dahua Technology Co., Ltd. is a leading supplier of surveillance products and solution services, providing leading series of video storage, front-end, display control, and intelligent transportation products to the world.
The Dahua IPC-HF2100 camera is vulnerable to an authentication bypass through a man-in-the-middle attack. By intercepting the packet that a legitimate user's client sends to the camera when the password is changed, an attacker obtains a credential that is equivalent to the password itself (a password-equivalent token, even though the cleartext password is never seen) and can present that token to the camera to log in successfully. Any attacker positioned on the path between the client and the camera, for example on the same LAN segment, can exploit this.
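The weakness above is that the login proof sent on the wire is as good as the password, so whoever captures it once can reuse it forever. The following is an added example, not Dahua code and not the camera's real protocol: it models a camera that accepts a fixed, unsalted password digest as the proof (assumed weak scheme) next to one that binds each proof to a single-use server nonce, and shows that the captured proof replays against the first and fails against the second.

```python
"""Password-equivalent login proofs versus nonce-bound ones (added example).

This is a constructed model of the weakness, not Dahua's actual protocol: the
camera stores an unsalted digest of the password and the client sends that same
digest as its proof of identity. Whoever captures one such packet (for instance
during a password change) holds a credential that is as good as the password.
A challenge-response scheme binds each proof to a single-use server nonce, so
a captured proof is useless for any later login.
"""
import hashlib
import hmac
import secrets


def password_digest(password: str) -> str:
    # Assumed weak scheme: a fixed, unsalted digest of the password is the proof.
    return hashlib.sha256(password.encode()).hexdigest()


class WeakCamera:
    """Accepts the stored digest itself as the login proof (password-equivalent)."""

    def __init__(self, password: str) -> None:
        self.stored = password_digest(password)

    def login(self, proof: str) -> bool:
        return hmac.compare_digest(self.stored, proof)


class ChallengeCamera:
    """Issues a one-time nonce and expects HMAC(stored_digest, nonce) as the proof."""

    def __init__(self, password: str) -> None:
        self.stored = password_digest(password)
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def login(self, nonce: str, proof: str) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown, expired or already-used nonce
        self.outstanding.discard(nonce)  # each nonce is valid for exactly one attempt
        expected = hmac.new(self.stored.encode(), nonce.encode(), "sha256").hexdigest()
        return hmac.compare_digest(expected, proof)


def client_proof(password: str, nonce: str) -> str:
    """What a legitimate client sends in the challenge-response scheme."""
    key = password_digest(password).encode()
    return hmac.new(key, nonce.encode(), "sha256").hexdigest()


def replay_against_weak(password: str) -> bool:
    """MITM captured the proof from a legitimate login and replays it."""
    cam = WeakCamera(password)
    captured = password_digest(password)  # exactly what went over the wire
    return cam.login(captured)


def replay_against_challenge(password: str) -> tuple:
    """Returns (legitimate login succeeded, replayed proof accepted)."""
    cam = ChallengeCamera(password)
    nonce = cam.challenge()
    captured = client_proof(password, nonce)  # MITM sees both nonce and proof
    legit = cam.login(nonce, captured)
    # Attacker tries the captured proof against a fresh nonce and against the
    # already-consumed one; both must fail.
    fresh = cam.challenge()
    replayed = cam.login(fresh, captured) or cam.login(nonce, captured)
    return legit, replayed


if __name__ == "__main__":
    print("weak scheme accepts replayed proof:", replay_against_weak("s3cret"))
    print("challenge scheme (legit, replay):", replay_against_challenge("s3cret"))
```

A single-use nonce defeats later replay of a captured proof; it does not stop an active attacker from relaying the exchange while the legitimate login is in progress, so the transport itself (TLS with server authentication) is still needed for a camera exposed on an untrusted network.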
| VAR-201506-0297 | CVE-2015-4209 | Cisco WebEx Meeting Center information disclosure vulnerability (host calendar authorization bypass) |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. Cisco WebEx Meeting Center is prone to an authorization-bypass vulnerability.
Attackers can exploit this issue to gain unauthorized access to host calendar data. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCur23913. Cisco WebEx Meeting Center is an online meeting product: it invites others to join a meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more.
| VAR-201508-0386 | CVE-2015-3940 | Schneider Electric Wonderware System Platform privilege escalation vulnerability (untrusted DLL search path) |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Wonderware System Platform is a system platform applied in multiple fields.
An untrusted search path (DLL preloading) vulnerability exists in Schneider Electric's Wonderware InTouch, Application Server, Historian, and SuiteLink applications: a local attacker who can write a DLL into a directory that is searched before the legitimate library's location can have it loaded and executed with the privileges of the affected application. Schneider Electric Wonderware System Platform is therefore prone to a local arbitrary-code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the application to crash, resulting in a denial-of-service condition.
Wonderware System Platform 2014 R2 and prior are vulnerable. The platform provides visual configuration and deployment, secure data connectivity and communication, data storage and management, and more.
| VAR-201506-0254 | CVE-2015-4197 | Cisco NX-OS on Cisco Nexus 7000 devices denial of service (DoS) vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. Cisco NX-OS software is a data-center-class operating system with a modular, resilient, and maintainable design. A security vulnerability exists in the processing of LLDP packets by Cisco NX-OS: an attacker on the same Layer 2 segment can send crafted LLDP frames to an LLDP-enabled interface and cause the target device to crash. LLDP frames are link-local (they are sent to a reserved multicast MAC address that bridges do not forward), so the attacker must be directly connected to the affected interface. Cisco NX-OS Software for the Nexus 7000 Series is prone to a remote denial-of-service vulnerability.
An attacker can leverage this issue to cause an affected device to crash; denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCud89415.
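The entry does not say which field of the LLDP frame triggers the crash, but the usual failure in TLV parsers is trusting a declared length that exceeds the bytes actually received. The following is an added example, not Cisco code: a bounds-checked parser for the LLDPDU TLV structure defined by IEEE 802.1AB, run over constructed frames, one well-formed and two malformed (an over-long declared length, and a truncated TTL with no End TLV). The chassis and port identifiers in the sample frames are made up.

```python
"""Bounds-checked LLDPDU parser (added example, not Cisco code).

An LLDPDU (the payload of an Ethernet frame with EtherType 0x88CC) is a series
of TLVs: a 16-bit header holding a 7-bit type and a 9-bit length, followed by
that many value bytes, terminated by an End-of-LLDPDU TLV (type 0, length 0).
The parser below checks every declared length against the bytes that actually
remain, enforces the mandatory Chassis ID / Port ID / TTL ordering, and raises
rather than reading past the buffer, which is the class of mistake a malformed
frame exploits. The sample frames are constructed here for illustration.
"""
import struct

END_OF_LLDPDU, CHASSIS_ID, PORT_ID, TTL, SYSTEM_NAME = 0, 1, 2, 3, 5


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV; type is 7 bits, length is 9 bits (max 511 bytes)."""
    if not 0 <= tlv_type < 128 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data: bytes) -> list:
    """Return [(type, value), ...] or raise ValueError on any malformation."""
    tlvs = []
    off = 0
    while True:
        if off + 2 > len(data):
            raise ValueError("TLV header truncated at offset %d (no End TLV seen)" % off)
        (hdr,) = struct.unpack_from("!H", data, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + length > len(data):
            # The check that an unsafe memcpy-style parser omits.
            raise ValueError("TLV type %d declares %d bytes but only %d remain"
                             % (tlv_type, length, len(data) - off))
        value = data[off:off + length]
        off += length
        if tlv_type == END_OF_LLDPDU:
            if length != 0:
                raise ValueError("End of LLDPDU TLV must have length 0")
            break
        tlvs.append((tlv_type, value))
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise ValueError("mandatory TLVs missing or out of order")
    if len(tlvs[2][1]) != 2:
        raise ValueError("TTL TLV must be exactly 2 bytes")
    return tlvs


def is_well_formed(data: bytes) -> bool:
    try:
        parse_lldpdu(data)
        return True
    except ValueError:
        return False


# Constructed sample frames (not captured traffic).
GOOD_FRAME = (
    tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("0011223344aa"))  # subtype 4: MAC address
    + tlv(PORT_ID, b"\x05Ethernet1/1")                        # subtype 5: interface name
    + tlv(TTL, struct.pack("!H", 120))
    + tlv(SYSTEM_NAME, b"nx7k-lab")
    + tlv(END_OF_LLDPDU, b"")
)

# Header claims 300 bytes of System Name but only 4 bytes follow.
OVERLONG_FRAME = (
    tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("0011223344aa"))
    + tlv(PORT_ID, b"\x05Ethernet1/1")
    + tlv(TTL, struct.pack("!H", 120))
    + struct.pack("!H", (SYSTEM_NAME << 9) | 300) + b"nx7k"
)

# TTL value truncated to 1 byte, and no End TLV at all.
BAD_TTL_FRAME = (
    tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("0011223344aa"))
    + tlv(PORT_ID, b"\x05Ethernet1/1")
    + tlv(TTL, b"\x78")
)

if __name__ == "__main__":
    for name, frame in [("good", GOOD_FRAME), ("overlong", OVERLONG_FRAME), ("bad ttl", BAD_TTL_FRAME)]:
        print(name, is_well_formed(frame))
```

The same shape of check applies to any TLV-based link-layer protocol (CDP, LACP, 802.1X EAPOL): validate the declared length against the remaining buffer before touching the value, and validate fixed-size fields such as TTL before interpreting them.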
| VAR-201506-0255 | CVE-2015-4198 | Cisco Web Security Appliance software web framework cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.
A successful attack may allow attackers to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website; this may aid in launching further attacks.
This issue is tracked by Cisco Bug ID CSCuu24409. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy enforcement.
| VAR-201506-0291 | CVE-2015-4202 | Cisco uBR10000 Cable Modem Termination System routers information disclosure vulnerability (MAC address and network utilization via IPDR) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203. The vendor has confirmed this vulnerability and tracks it as Bug ID CSCua39203. A third party can obtain sensitive MAC address and network-usage information by sending crafted IPDR packets. The Cisco uBR10000 Series Universal Broadband Router is a CMTS router product from Cisco and is prone to an information disclosure vulnerability.
A remote attacker may exploit this issue to gain potentially sensitive information. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCua39203. Cisco IOS on the uBR10000 CMTS is the operating system running on Cisco's uBR10000 Cable Modem Termination System routers.
| VAR-201506-0258 | CVE-2015-4201 | Cisco ASR 5000 software Gateway GPRS Support Node (GGSN) component denial of service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058. The vendor has confirmed this vulnerability and tracks it as Bug ID CSCut68058. A third party can restart the Session Manager process, disrupting service, by sending a packet with an invalid TCP/IP header. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Cisco ASR 5000 Series Software is prone to a denial-of-service vulnerability.
Successful exploitation causes the Session Manager process on the affected device to restart, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCut68058.
| VAR-201506-0178 | CVE-2015-4679 | Airties RT-210 web interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm. Airties RT-210 is a router product from Airties of Turkey. It is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials (hijacking the user's session) and launch other attacks. The vulnerability stems from the fact that the ddns.stm page does not adequately filter the 'ddns_domainname' and 'ddns_account' parameters.
| VAR-201506-0118 | CVE-2015-2797 | Multiple AirTies Air product firmware stack-based buffer overflow vulnerability (related entries in the VARIoT exploits database: VAR-E-201503-0127, VAR-E-201506-0160) |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login. Airties Air 6372 and the other listed models are wireless DSL modem products from Airties of Turkey. AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems running firmware version 1.0.2.0 and earlier are affected. Multiple AirTies Air products are prone to a stack-based buffer-overflow vulnerability because the firmware fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized stack buffer.
A remote attacker may exploit this issue to execute arbitrary code in the context of the affected device. Failed attempts will likely cause a denial-of-service condition.
| VAR-201508-0391 | CVE-2015-3963 | Wind River VxWorks predictable TCP initial sequence number vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. VxWorks is a real-time operating system widely used in ICS devices. Schneider Electric SAGE RTU is a series of industrial data communication equipment from Schneider Electric of France. Wind River VxWorks is an embedded real-time operating system (RTOS) developed by Wind River of the United States.
A security vulnerability exists in the Wind River VxWorks version used in Schneider Electric SAGE RTU devices before release J2. The following VxWorks versions are affected: before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0.
An attacker who can predict the ISN a target will use for a connection can forge TCP segments into that connection without seeing the target's replies (an off-path attack), which can be used to inject data, reset sessions (a denial-of-service condition), or perform unauthorized actions in the target's protocols; this may lead to further attacks.
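The entry states the consequence but not what "predictable" looks like in practice. The following is an added example, not Wind River or Schneider Electric code, that simulates three ISN generators: a global counter with a fixed step (the shape of many predictable-ISN findings), an RFC 6528-style generator (clock plus a keyed hash of the connection 4-tuple), and a purely random one. The attacker samples a few ISNs from their own connections to the target and then guesses the ISN the target will hand to the victim's connection. Clock behaviour, the step sizes and the IP addresses are constructed assumptions for the simulation.

```python
"""Predicting TCP initial sequence numbers (added example, not Wind River code).

Off-path TCP spoofing needs the victim's ISN. Three constructed generators are
compared: a global counter (the pattern behind many "predictable ISN" findings),
an RFC 6528-style generator (clock + keyed hash of the connection 4-tuple), and
a purely random one. The attacker opens a few connections of their own to sample
ISNs, then guesses the ISN the target will use for the victim's connection.
Clock behaviour is simplified to a fixed increment per connection.
"""
import hmac
import secrets

MOD = 1 << 32


class CounterISN:
    """One global counter advanced by a fixed step per connection."""

    def __init__(self):
        self.value = secrets.randbelow(MOD)

    def isn(self, four_tuple):
        self.value = (self.value + 64000) % MOD
        return self.value


class Rfc6528ISN:
    """ISN = clock + F(src, dst, sport, dport, secret); F is HMAC-SHA256 truncated."""

    def __init__(self):
        self.secret = secrets.token_bytes(16)
        self.clock = 0

    def isn(self, four_tuple):
        self.clock = (self.clock + 250) % MOD  # stand-in for a 4-microsecond timer
        digest = hmac.new(self.secret, repr(four_tuple).encode(), "sha256").digest()
        return (self.clock + int.from_bytes(digest[:4], "big")) % MOD


class RandomISN:
    """Fresh random ISN per connection (no sequence structure at all)."""

    def isn(self, four_tuple):
        return secrets.randbelow(MOD)


def predict_next(observed):
    """If the samples advance by a constant step, extrapolate; else give up."""
    deltas = {(b - a) % MOD for a, b in zip(observed, observed[1:])}
    if len(deltas) != 1:
        return None
    return (observed[-1] + deltas.pop()) % MOD


def spoof_hit_rate(generator, trials=50, samples=3):
    """Fraction of trials where the attacker's guess equals the victim's ISN."""
    attacker = ("198.51.100.7", "192.0.2.10", 40000, 502)  # documentation-range addresses
    victim = ("203.0.113.5", "192.0.2.10", 40001, 502)
    hits = 0
    for _ in range(trials):
        observed = [generator.isn(attacker) for _ in range(samples)]
        guess = predict_next(observed)
        actual = generator.isn(victim)  # the ISN the target gives the victim next
        hits += guess == actual
    return hits / trials


if __name__ == "__main__":
    for gen in (CounterISN(), Rfc6528ISN(), RandomISN()):
        print(type(gen).__name__, spoof_hit_rate(gen))
```

With the counter the attacker's guess is right every time; with the RFC 6528 generator the attacker's own samples still advance by a constant step, but the per-4-tuple offset for the victim's connection is unknown, so the guess misses; with random ISNs there is no pattern to extrapolate. Note that RFC 6528 deliberately keeps ISNs monotonic for one 4-tuple, so an attacker who can reuse the victim's exact 4-tuple is a different threat than the off-path case modelled here.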
| VAR-201506-0252 | CVE-2015-4194 | Cisco WebEx Meeting Center web-based administrative interface account name enumeration vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861. The vendor has confirmed this vulnerability and tracks it as Bug ID CSCuf28861. A third party can enumerate account names and obtain sensitive information through a series of login requests. Cisco WebEx Meeting Center is prone to a user-enumeration vulnerability.
An attacker may leverage this issue to harvest valid administrator accounts, which may aid in brute-force attacks.
This issue is being tracked by Cisco Bug ID CSCuf28861. The product invites others to join a meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more. The vulnerability exists in the web-based administration interface of Cisco WebEx Meeting Center due to a logic error in how the program handles invalid usernames.
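The flaw is a behavioural difference between failure responses, which is also exactly what a tester probes for. The following is an added example, not Cisco code: a constructed login handler that leaks both existence and privilege level through its error messages, a harvesting routine that compares each candidate's failure response with that of a name that certainly does not exist, and a corrected handler that returns one uniform failure and always performs the password comparison. The user names, passwords and messages are made up.

```python
"""Detecting and fixing username enumeration in a login endpoint (added example).

Constructed model, not WebEx code. `leaky_login` mirrors the flaw described
above: the failure message differs depending on whether the username exists and
whether it is an administrator. `harvest_accounts` is what an attacker (or a
tester) runs against it: compare each candidate's failure response with the
response for a name that certainly does not exist. `fixed_login` returns one
uniform failure and always performs the password comparison, so the
responses are indistinguishable.
"""
import hmac
import secrets

# Constructed user store; a real system would hold salted password hashes.
USERS = {
    "admin": {"password": "Adm1n!", "privileged": True},
    "alice": {"password": "hunter2", "privileged": False},
}


def leaky_login(username, password):
    """Status and message leak both existence and privilege level."""
    rec = USERS.get(username)
    if rec is None:
        return 401, "Unknown user"
    if not hmac.compare_digest(rec["password"], password):
        if rec["privileged"]:
            return 401, "Incorrect password for administrator account"
        return 401, "Incorrect password"
    return 200, "OK"


def fixed_login(username, password):
    """One failure response for every failure cause; compare even for unknown users."""
    rec = USERS.get(username)
    # Dummy credential for unknown users so the comparison always runs.
    stored = rec["password"] if rec is not None else secrets.token_hex(8)
    ok = hmac.compare_digest(stored, password) and rec is not None
    return (200, "OK") if ok else (401, "Invalid username or password")


def harvest_accounts(login, candidates):
    """Return candidates whose failure response differs from a nonexistent user's."""
    baseline = login("nouser-" + secrets.token_hex(8), "x")
    found = []
    for name in candidates:
        response = login(name, secrets.token_hex(8))  # guaranteed-wrong password
        if response != baseline:
            found.append((name, response[1]))
    return found


if __name__ == "__main__":
    wordlist = ["admin", "alice", "bob", "root"]
    print("leaky:", harvest_accounts(leaky_login, wordlist))
    print("fixed:", harvest_accounts(fixed_login, wordlist))
```

In a real deployment the same comparison should be extended to status codes, response sizes and timing: if the password hash is only computed for known users, response time becomes the oracle instead of the message, which is why the fixed handler performs the comparison on a dummy value for unknown names.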
| VAR-201506-0253 | CVE-2015-4195 | Cisco IOS XR denial of service (DoS) vulnerability (crafted SSH session disconnect) |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture.
An attacker may exploit this issue to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCul63127.
| VAR-201506-0191 | CVE-2015-4587 | Alcatel-Lucent CellPipe 7130 Router Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu. Alcatel-Lucent CellPipe 7130 Router is a router product from Alcatel-Lucent, France. A cross-site scripting vulnerability exists in the Alcatel-Lucent CellPipe 7130 router.
An attacker could leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Alcatel-Lucent CellPipe 7130 routers running firmware 1.0.0.20h.HOL are vulnerable.
| VAR-201506-0251 | CVE-2015-4191 | Cisco IOS XR denial of service (DoS) vulnerability (malformed IPv6 packet) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture.
Attackers can exploit this issue to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCuq95565.
| VAR-201508-0166 | CVE-2015-3214 | Linux kernel and QEMU i8254.c pit_ioport_read host OS arbitrary code execution vulnerability |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. QEMU is prone to a memory-corruption vulnerability because it fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code on the host with the privileges of the hosting QEMU process. Failed exploit attempts may result in a denial-of-service condition. The Linux kernel is the kernel of the open source Linux operating system. QEMU (Quick Emulator) is a machine emulator and virtualizer originally written by Fabrice Bellard; it is fast and cross-platform. A security vulnerability exists in the 'pit_ioport_read' function in the i8254.c file of Linux kernel 2.6.32 and earlier and QEMU 2.3.0 and earlier. The vulnerability is due to the fact that the program does not distinguish between read length and write length, which lets a guest trigger the use of an invalid index into the emulated PIT state. Relevant releases/architectures:
RHEV-H and VDSM for 7 Hosts - x86_64
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: qemu-kvm security and bug fix update
Advisory ID: RHSA-2015:1507-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1507.html
Issue date: 2015-07-27
CVE Names: CVE-2015-3214 CVE-2015-5154
=====================================================================
1. Summary:
Updated qemu-kvm packages that fix two security issues and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.
A heap buffer overflow flaw was found in the way QEMU's IDE subsystem
handled I/O buffer access while processing certain ATAPI commands.
(CVE-2015-5154)
An out-of-bounds memory access flaw, leading to memory corruption or
possibly an information leak, was found in QEMU's pit_ioport_read()
function. (CVE-2015-3214)
Red Hat would like to thank Matt Tait of Google's Project Zero security
team for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was
discovered by Kevin Wolf of Red Hat.
This update also fixes the following bug:
* Due to an incorrect implementation of portable memory barriers, the QEMU
emulator in some cases terminated unexpectedly when a virtual disk was
under heavy I/O load. This update fixes the implementation in order to
achieve correct synchronization between QEMU's threads. As a result, the
described crash no longer occurs. (BZ#1233643)
All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229640 - CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function
1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm
x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm
x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm
ppc64:
qemu-img-1.5.3-86.el7_1.5.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm
x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
libcacard-1.5.3-86.el7_1.5.ppc.rpm
libcacard-1.5.3-86.el7_1.5.ppc64.rpm
libcacard-devel-1.5.3-86.el7_1.5.ppc.rpm
libcacard-devel-1.5.3-86.el7_1.5.ppc64.rpm
libcacard-tools-1.5.3-86.el7_1.5.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm
x86_64:
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm
x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3214
https://access.redhat.com/security/cve/CVE-2015-5154
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVtjQAXlSAg2UNWIIRAubOAJ9jPmZf7ZF+FHd+a7JxYxxRPAGx0wCgv5dX
hlTFJ96W8Yn4W+ZR2yhsbBU=
=i68a
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
============================================================================
Ubuntu Security Notice USN-2692-1
July 28, 2015
qemu vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in QEMU. In the default installation, when QEMU is
used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. (CVE-2015-5154)
Zhu Donghai discovered that QEMU incorrectly handled the SCSI driver. In the default installation, when QEMU is used with libvirt,
attackers would be isolated by the libvirt AppArmor profile. This issue
only affected Ubuntu 15.04. (CVE-2015-5158)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
qemu-system 1:2.2+dfsg-5expubuntu9.3
qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.3
qemu-system-arm 1:2.2+dfsg-5expubuntu9.3
qemu-system-mips 1:2.2+dfsg-5expubuntu9.3
qemu-system-misc 1:2.2+dfsg-5expubuntu9.3
qemu-system-ppc 1:2.2+dfsg-5expubuntu9.3
qemu-system-sparc 1:2.2+dfsg-5expubuntu9.3
qemu-system-x86 1:2.2+dfsg-5expubuntu9.3
Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.15
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.15
qemu-system-arm 2.0.0+dfsg-2ubuntu1.15
qemu-system-mips 2.0.0+dfsg-2ubuntu1.15
qemu-system-misc 2.0.0+dfsg-2ubuntu1.15
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.15
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.15
qemu-system-x86 2.0.0+dfsg-2ubuntu1.15
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
CVE-2015-5165
Donghai Zhu discovered that the QEMU model of the RTL8139 network
card did not sufficiently validate inputs in the C+ mode offload
emulation, allowing a malicious guest to read uninitialized memory
from the QEMU process's heap.
CVE-2015-5225
Mr Qinghao Tang from QIHU 360 Inc.
For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only
affected by CVE-2015-5165 and CVE-2015-5745.
For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u2.
For the unstable distribution (sid), these problems have been fixed in
version 1:2.4+dfsg-1a.
We recommend that you upgrade your qemu packages.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201510-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: QEMU: Arbitrary code execution
Date: October 31, 2015
Bugs: #551752, #555680, #556050, #556052
ID: 201510-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A heap-based buffer overflow in QEMU could result in execution of
arbitrary code.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/qemu < 2.3.0-r4 >= 2.3.0-r4
Description
===========
Heap-based buffer overflow has been found in QEMU's PCNET controller.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All QEMU users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.3.0-r4"
References
==========
[ 1 ] CVE-2015-3209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209
[ 2 ] CVE-2015-3214
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3214
[ 3 ] CVE-2015-5154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154
[ 4 ] CVE-2015-5158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5158
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201510-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0078 | CVE-2015-3112 | Adobe Photoshop CC and Adobe Bridge CC Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Photoshop CC is an image-processing and drawing application. Adobe Bridge CC is the control center of Adobe Creative Suite (a product suite integrating graphic design, video editing, web design, and other applications).
| VAR-201506-0180 | CVE-2015-4641 | Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory. The Samsung Galaxy S4 and the other listed models are smartphones from Samsung of South Korea. A directory traversal vulnerability exists in the SwiftKey language-pack update implementation on several Samsung Galaxy devices: the updater writes ZIP entries to disk under their archived names without validating the path, so an attacker who can answer for skslm.swiftkey.net (for example from a man-in-the-middle position or through DNS spoofing) can deliver an archive whose entries escape the language-pack directory. SwiftKey is prone to a directory-traversal vulnerability. This may aid in further attacks.
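The entry names the ingredient (a `..` component in a ZIP entry name) but not the check that stops it. The following is an added example, not Samsung or SwiftKey code: it builds an in-memory archive with one legitimate entry and one traversal entry like the one described, and extracts it with a routine that rejects absolute names and any `..` component, then re-checks the resolved target against the destination root before writing. The entry names and contents are constructed. Python's own ZipFile.extractall silently strips such components; an updater built on a lower-level ZIP reader, as on the devices above, gets no such protection and has to validate names itself.

```python
"""Rejecting path traversal in downloaded ZIP updates (added example).

Not Samsung or SwiftKey code. The archive is built in memory with one legitimate
entry and one entry whose name climbs out of the destination with `..`, the same
trick described above. `safe_extract` refuses absolute names and any `..`
component, then re-checks the resolved target against the destination root
before writing.
"""
import io
import os
import tempfile
import zipfile


def build_archive() -> bytes:
    """Constructed language-pack archive containing a traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("en_GB/dictionary.txt", "hello\nworld\n")
        zf.writestr("../../data/dalvik-cache/payload.dex", b"\x00" * 16)
    return buf.getvalue()


def _inside(root: str, target: str) -> bool:
    """True if target, after resolving symlinks and '..', stays under root."""
    root = os.path.realpath(root)
    target = os.path.realpath(target)
    return os.path.commonpath([root, target]) == root


def safe_extract(archive: bytes, dest: str):
    """Extract into dest; return (accepted_names, rejected_names)."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            name = info.filename
            parts = name.replace("\\", "/").split("/")
            # Syntactic check first: absolute paths, drive letters, '..' components.
            if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0] or ".." in parts:
                rejected.append(name)
                continue
            target = os.path.join(dest, *parts)
            if not _inside(dest, target):  # belt and braces: symlinked directories
                rejected.append(name)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            accepted.append(name)
    return accepted, rejected


def run_demo() -> dict:
    """Extract the constructed archive into a fresh temp dir and report."""
    dest = tempfile.mkdtemp(prefix="langpack-")
    accepted, rejected = safe_extract(build_archive(), dest)
    escaped_target = os.path.join(os.path.dirname(os.path.dirname(dest)),
                                  "data", "dalvik-cache", "payload.dex")
    return {
        "accepted": accepted,
        "rejected": rejected,
        "good_file_present": os.path.isfile(os.path.join(dest, "en_GB", "dictionary.txt")),
        "escaped_file_present": os.path.exists(escaped_target),
    }


if __name__ == "__main__":
    print(run_demo())
```

Rejecting the whole update on the first bad entry is preferable to skipping that entry, since a tampered archive means the source is already untrusted; and none of this substitutes for verifying a signature on the archive before extracting anything.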
| VAR-201506-0248 | CVE-2015-4188 | Cisco Prime Collaboration Manager interface SQL injection vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is being tracked by Cisco Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. Cisco Prime Collaboration supports simplified unified communications and video collaboration network management through a unified management console, and rapid deployment of communication sites.
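The following is an added example, not Cisco code, of the difference between a lookup that splices a URL parameter into SQL text and one that binds it as a parameter. The schema, rows and payloads are constructed; a tautology payload widens the WHERE clause to every row, and a UNION payload reads a different table through the same query, while the parameterised version returns nothing for either.

```python
"""String-built versus parameterised queries (added example, not Cisco code).

The schema and rows are constructed to stand in for a management database; the
payloads are classic URL-parameter injections of the kind the entry above
describes. The vulnerable lookup splices the parameter into SQL text, so a
quoted payload changes the query's structure. The parameterised lookup passes
the value separately, and the same payloads match nothing.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE devices (id TEXT PRIMARY KEY, name TEXT);
        CREATE TABLE sessions (username TEXT, token TEXT);
        INSERT INTO devices VALUES ('SEP0001', 'Lobby phone'), ('SEP0002', 'Boardroom codec');
        INSERT INTO sessions VALUES ('admin', 'tok-8f3a-admin');
    """)
    return conn


def vulnerable_lookup(conn, device_id: str) -> list:
    # Untrusted input spliced into SQL text: the injection point.
    sql = "SELECT name FROM devices WHERE id = '%s'" % device_id
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, device_id: str) -> list:
    # Value travels as a bound parameter; it can never become SQL syntax.
    sql = "SELECT name FROM devices WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (device_id,))]


# Constructed payloads as they would arrive decoded from a crafted URL.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "x' UNION SELECT token FROM sessions--"


def compare(payload: str) -> dict:
    """Run one payload through both lookups on a fresh database."""
    conn = make_db()
    return {
        "vulnerable": sorted(vulnerable_lookup(conn, payload)),
        "safe": safe_lookup(conn, payload),
    }


if __name__ == "__main__":
    for p in (TAUTOLOGY, UNION_DUMP):
        print(repr(p), compare(p))
```

The sqlite3 module refuses stacked statements in execute(), so a `'; DROP TABLE ...` payload would fail here; many other database drivers accept them, which makes the string-built version worse than this demonstration shows.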
| VAR-201506-0250 | CVE-2015-4190 | Cisco Cloud Portal in Cisco Prime Service Catalog on Cloud Portal appliances data modification vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683. The vendor has confirmed this vulnerability and tracks it as Bug ID CSCuh19683. Supplementary information: the weakness has been classified as CWE-701 (Weaknesses Introduced During Design), https://cwe.mitre.org/data/definitions/701.html. A man-in-the-middle attacker may modify data in transit.
Successfully exploiting this issue may allow an attacker to perform unauthorized actions by conducting a man-in-the-middle attack.
This issue is being tracked by Cisco Bug ID CSCuh19683.
| VAR-201506-0188 | CVE-2015-4550 | Cisco Adaptive Security Appliance software Cavium cryptographic module firmware IPsec and IKEv2 traffic spoofing vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218.
Because the module decrypts AES-GCM packets without checking the ICV (the authentication tag), an on-path attacker can alter ciphertext, and therefore the decrypted IPsec or IKEv2 payload, without the tampering being detected; the traffic's confidentiality is not directly affected, but its integrity and origin authentication are lost. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCuu66218.