Severity Rating: Critical
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website.
Monthly Archives: October 2015
MS15-109 – Critical: Security Update for Windows Shell to Address Remote Code Execution (3096443) – Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.
MS15-107 – Important: Cumulative Security Update for Microsoft Edge (3096448) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Netgear Voice Gateway 2.3.0.23_2.3.23 XSS / Code Execution
Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities.
Bugtraq: Multiple Remote Code Execution found in ZHONE
Multiple Remote Code Execution found in ZHONE
Bugtraq: CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin
CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin
Bugtraq: CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin
CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin
Bugtraq: CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin
CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin
RHSA-2015:1890-1: Important: spice security update
Red Hat Enterprise Linux: Updated spice packages that fix two security issues are now available for
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-5260, CVE-2015-5261
RHSA-2015:1889-1: Important: spice-server security update
Red Hat Enterprise Linux: An updated spice-server package that fixes two security issues is now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-5260, CVE-2015-5261