[US-CERT: Bulletin(SB15-033)] Security vulnerabilities published through January 26, 2015
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- flash_player | Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. | 2015-01-23 | 10.0 | CVE-2015-0310 |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | 2015-01-23 | 10.0 | CVE-2015-0311 |
adobe -- flash_player | Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. | 2015-01-28 | 10.0 | CVE-2015-0312 |
catbot_project -- catbot | SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. | 2015-01-27 | 7.5 | CVE-2015-1367 XF MISC BUGTRAQ FULLDISC MISC |
cisco -- prime_service_catalog | The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880. | 2015-01-28 | 7.5 | CVE-2015-0581 |
cisco -- ios | The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682. | 2015-01-28 | 7.8 | CVE-2015-0586 |
ferretcms_project -- ferretcms | Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/. | 2015-01-27 | 7.5 | CVE-2015-1371 CONFIRM BID MLIST MISC FULLDISC |
ferretcms_project -- ferretcms | SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. | 2015-01-27 | 7.5 | CVE-2015-1372 CONFIRM BID MLIST MISC FULLDISC |
freereprintables -- articlefr | SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/. | 2015-01-27 | 7.5 | CVE-2015-1364 MISC EXPLOIT-DB FULLDISC |
gnome -- vala | The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow. | 2015-01-27 | 7.5 | CVE-2014-8154 MISC SUSE |
gnu -- glibc | Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." | 2015-01-28 | 10.0 | CVE-2015-0235 MISC BUGTRAQ BUGTRAQ |
google -- chrome | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/ | 2015-01-27 | 7.5 | CVE-2015-1360 CONFIRM CONFIRM CONFIRM |
ibm -- i_access | Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors. | 2015-01-28 | 7.2 | CVE-2014-8920 XF |
jasper_project -- jasper | Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. | 2015-01-26 | 7.5 | CVE-2014-8157 CONFIRM REDHAT |
mantisbt -- mantisbt | MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4. | 2015-01-26 | 7.5 | CVE-2014-9572 CONFIRM MISC XF MLIST |
midgard-project -- midgard2 | The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges. | 2015-01-26 | 7.2 | CVE-2014-8148 MLIST SUSE |
php -- php | Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer. | 2015-01-27 | 7.5 | CVE-2015-0231 CONFIRM CONFIRM |
pixabay_images_project -- pixabay_images | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. | 2015-01-28 | 7.5 | CVE-2015-1375 CONFIRM BUGTRAQ OSVDB MLIST EXPLOIT-DB FULLDISC MISC |
polarssl -- polarssl | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. | 2015-01-27 | 7.5 | CVE-2015-1182 SECUNIA SECUNIA |
schneider-electric -- tsxetg3000 | The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. | 2015-01-27 | 7.8 | CVE-2014-9197 |
schneider-electric -- tsxetg3000 | The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. | 2015-01-27 | 10.0 | CVE-2014-9198 |
sequelize_project -- sequelize | SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. | 2015-01-27 | 7.5 | CVE-2015-1369 CONFIRM CONFIRM MLIST |
two_pilots -- exif_pilot | Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file. | 2015-01-27 | 7.5 | CVE-2015-1362 EXPLOIT-DB MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ansible -- tower | Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/. | 2015-01-27 | 4.3 | CVE-2015-1368 MISC XF BID BUGTRAQ EXPLOIT-DB FULLDISC MISC OSVDB OSVDB OSVDB OSVDB OSVDB |
apple -- apple_tv | The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | 2015-01-30 | 5.0 | CVE-2014-4496 |
apple -- mac_os_x | The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. | 2015-01-30 | 4.3 | CVE-2014-8838 |
apple -- mac_os_x | Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. | 2015-01-30 | 5.0 | CVE-2014-8839 MISC SECTRACK MISC |
apple -- iphone_os | The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. | 2015-01-30 | 6.8 | CVE-2014-8840 MISC |
attachmate -- reflection_ftp_client | Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response. | 2015-01-27 | 6.8 | CVE-2014-5211 MISC SECUNIA |
beasts -- vsftpd | Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. | 2015-01-28 | 5.0 | CVE-2015-1419 SECUNIA |
eventsentry -- eventsentry | Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet. | 2015-01-23 | 4.3 | CVE-2015-1180 BUGTRAQ MISC |
ferretcms_project -- ferretcms | Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action. | 2015-01-27 | 4.3 | CVE-2015-1373 CONFIRM BID MLIST MISC FULLDISC |
ferretcms_project -- ferretcms | Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks. | 2015-01-27 | 6.8 | CVE-2015-1374 MISC MLIST |
freereprintables -- articlefr | Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/. | 2015-01-27 | 4.3 | CVE-2015-1363 MISC FULLDISC MISC |
genetechsolutions -- pie_register | The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action. | 2015-01-23 | 5.0 | CVE-2014-8802 MISC SECUNIA |
google -- chrome | Unquoted Windows search path vulnerability in the GoogleChromeDistribution:: | 2015-01-27 | 4.6 | CVE-2014-9646 CONFIRM CONFIRM CONFIRM |
google -- chrome | Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205. | 2015-01-27 | 6.8 | CVE-2014-9647 CONFIRM CONFIRM CONFIRM |
google -- chrome | components/navigation_ | 2015-01-27 | 4.3 | CVE-2014-9648 CONFIRM CONFIRM |
google -- chrome | Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205. | 2015-01-27 | 6.8 | CVE-2015-1359 CONFIRM CONFIRM CONFIRM |
google -- chrome | platform/image-decoders/ | 2015-01-27 | 6.8 | CVE-2015-1361 CONFIRM CONFIRM CONFIRM |
ibm -- tririga_application_platform | Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter. | 2015-01-28 | 4.9 | CVE-2014-8894 XF |
ibm -- tririga_application_platform | IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL. | 2015-01-28 | 4.3 | CVE-2014-8895 XF |
ibm -- social_media_analytics | Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader. | 2015-01-28 | 4.3 | CVE-2014-8917 XF |
infinite_automation_systems -- mango_automation | Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter. | 2015-01-26 | 4.3 | CVE-2015-1179 BUGTRAQ MISC |
jakweb -- gecko_cms | Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. | 2015-01-29 | 6.5 | CVE-2015-1423 XF MISC EXPLOIT-DB MISC OSVDB |
jakweb -- gecko_cms | Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php. | 2015-01-29 | 6.8 | CVE-2015-1424 XF MISC EXPLOIT-DB MISC OSVDB |
jasper_project -- jasper | Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. | 2015-01-26 | 6.8 | CVE-2014-8158 REDHAT |
kde -- plasma-workspace | plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. | 2015-01-26 | 4.3 | CVE-2015-1307 BID MLIST |
kde -- kde-workspace | kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. | 2015-01-26 | 4.3 | CVE-2015-1308 CONFIRM BID MLIST SECUNIA |
mantisbt -- mantisbt | Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter. | 2015-01-26 | 4.3 | CVE-2014-9571 CONFIRM MISC CONFIRM CONFIRM XF MLIST |
mantisbt -- mantisbt | SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie. | 2015-01-26 | 6.0 | CVE-2014-9573 CONFIRM CONFIRM MISC CONFIRM CONFIRM XF MLIST |
marked_project -- marked | Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. | 2015-01-27 | 4.3 | CVE-2015-1370 MISC MISC MISC MLIST |
openstack -- image_registry_and_delivery_ | OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. | 2015-01-23 | 4.0 | CVE-2014-9623 CONFIRM CONFIRM MLIST SECUNIA |
osticket -- osticket | Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. | 2015-01-23 | 4.3 | CVE-2015-1176 CONFIRM CONFIRM BID BUGTRAQ MISC |
osticket -- osticket | Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 2015-01-23 | 4.3 | CVE-2015-1347 CONFIRM CONFIRM |
php -- php | The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. | 2015-01-27 | 6.8 | CVE-2015-0232 CONFIRM CONFIRM CONFIRM |
pivotal_software -- rabbitmq | Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. | 2015-01-27 | 4.3 | CVE-2014-9649 CONFIRM MLIST |
pivotal_software -- rabbitmq | CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions. | 2015-01-27 | 5.0 | CVE-2014-9650 CONFIRM MLIST |
pixabay_images_project -- pixabay_images | Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. | 2015-01-27 | 5.0 | CVE-2015-1365 MISC CONFIRM XF BUGTRAQ MLIST EXPLOIT-DB FULLDISC MISC OSVDB |
pixabay_images_project -- pixabay_images | Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter. | 2015-01-27 | 4.3 | CVE-2015-1366 MISC CONFIRM XF BUGTRAQ MLIST EXPLOIT-DB FULLDISC MISC OSVDB |
pixabay_images_project -- pixabay_images | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com. | 2015-01-28 | 4.0 | CVE-2015-1376 CONFIRM BUGTRAQ MLIST EXPLOIT-DB FULLDISC MISC |
qualiteam -- x-cart | Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter. | 2015-01-26 | 4.3 | CVE-2015-1178 BID BUGTRAQ MISC |
xiph -- vorbis-tools | oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. | 2015-01-23 | 5.0 | CVE-2014-9638 MISC MLIST MLIST FULLDISC |
xiph -- vorbis-tools | Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. | 2015-01-23 | 5.0 | CVE-2014-9639 MISC MLIST MLIST FULLDISC |
xiph -- vorbis-tools | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | 2015-01-23 | 5.0 | CVE-2014-9640 CONFIRM CONFIRM MLIST MLIST |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ibm -- tririga_application_platform | Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-01-28 | 3.5 | CVE-2014-8893 XF |
pxz_project -- pxz | Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions. | 2015-01-23 | 2.1 | CVE-2015-1200 XF BID MLIST |