CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7818 – IBM System Networking Switch Center Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-7818
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. El servicio web administration-panel en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a usuarios locales ejecutar código JSP arbitrario con privilegios SYSTEM usando el método de lanzamiento Apache Axis AdminService para instalar un archivo .jsp. This vulnerability allows local unprivileged attackers to execute arbitrary code on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. Because this service offers access to the Apache Axis AdminService, an unprivileged local attacker can publish arbitrary classes with the deployment method. • http://www.zerodayinitiative.com/advisories/ZDI-15-551 https://support.lenovo.com/us/en/product_security/len_2015_074 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 24%CPEs: 2EXPL: 0CVE-2015-7819 – IBM System Networking Switch Center DB Service Remote Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2015-7819
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. El servicio DB en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a atacantes remotos obtener información sensible de la cuenta administrador a través de una petición al puerto 40999, según lo demostrado por una contraseña cifrada incorrectamente. This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC DB Service, that listens by default on port 40999. This service allows an unauthenticated user to obtain the account details for the SNSC Administrator, including the password. • http://www.zerodayinitiative.com/advisories/ZDI-15-552 https://support.lenovo.com/us/en/product_security/len_2015_074 • CWE-255: Credentials Management Errors •
CVSS: 7.1EPSS: 25%CPEs: 2EXPL: 0CVE-2015-7820 – IBM System Networking Switch Center ZipDownload.jsp Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-7820
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443. Condición de carrera en el servicio web administration-panel en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a atacantes remotos obtener acceso a cuentas privilegiadas, y consecuentemente proveer una entrada ZipDownload.jsp que contiene secuencias de salto de directorio para leer archivos de texto arbitrarios, a través de una petición al puerto 40080 o 40443. This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. The first is a race condition, which allows the for the temporary use of a fixed privileged account which is forbidden from interactive login, and the second is the ability to specify any file on the system in ZipDownload.jsp. • http://www.zerodayinitiative.com/advisories/ZDI-15-554 https://support.lenovo.com/us/en/product_security/len_2015_074 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 25%CPEs: 2EXPL: 0CVE-2015-7817 – IBM System Networking Switch Center FileReader.jsp Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-7817
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. Condición de carrera en el servicio web administration-panel en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a atacantes remotos obtener acceso a cuentas privilegiadas, y consecuentemente proveer una entrada FileReader.jsp que contiene secuencias de salto de directorio para leer archivos de texto arbitrarios, a través de una petición al puerto 40080 o 40443. This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. The first is a race condition, which allows the for the temporary use of a fixed privileged account which is forbidden from interactive login, and the second is a directory traversal vulnerability in FileReader.jsp. • http://www.zerodayinitiative.com/advisories/ZDI-15-553 https://support.lenovo.com/us/en/product_security/len_2015_074 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.9EPSS: 0%CPEs: 51EXPL: 1CVE-2015-3214 – QEMU - Programmable Interrupt Timer Controller Heap Overflow
https://notcve.org/view.php?id=CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. Vulnerabilidad en pit_ioport_read en i8254.c en el kernel de Linux en versiones anteriores a 2.6.33 y en QEMU en versiones anteriores a 2.3.1, no distingue entre longitudes de lectura y longitudes de escritura, lo que podría permitir a los usuarios invitados del SO ejecutar código arbitrario en el host del SO desencadenando el uso de un índice no válido. An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. • https://www.exploit-db.com/exploits/37990 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 http://rhn.redhat.com/errata/RHSA-2015-1507.html http://rhn.redhat.com/errata/RHSA-2015-1508.html http://rhn.redhat.com/errata/RHSA-2015-1512.html http://www.debian.org/security/2015/dsa-3348 http://www.openwall.com/lists/oss-security/2015/06/25/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •