Monthly Archives: November 2015
Milton Webdav 2.7.0.1 XXE Injection
Milton Webdav version 2.7.0.1 suffers from an XXE injection vulnerability.
The security review: Car hacking, internet at 46 and TalkTalk cyber-arrests
Welcome to our new weekly round-up, offering you a recap of the biggest stories, opinion pieces and reports from the world of information security from the past seven days.
The post The security review: Car hacking, internet at 46 and TalkTalk cyber-arrests appeared first on We Live Security.
Avast achieves ICSA Labs certification
We’re happy to announce that Avast Free Antivirus on Windows 10 64-bit has been certified by ICSA Labs! After being tested in the ICSA Labs Anti-Virus Certification Testing Laboratory, Avast Free Antivirus on Windows 10 64-bit has satisfied the requirements for the Desktop Server AV Detection module within the Anti-Virus Corporate Certification Testing Criteria.
The Desktop Server AV Detection is targeted at antivirus products designed to protect individual desktops, laptops, or servers of individuals and businesses from malicious code infection. In order to meet all the requirements within the Desktop Server AV Detection module, antivirus products must accomplish the following things:
• Detect malware on-demand
• Detect and prevent the replication of viruses on-access
• Report no false positives
• Log the results of attempted malware detections
• Perform necessary administrative functions
About ICSA Labs
ICSA Labs is the security industry’s principal antivirus product testing and certification facility. The company is a reliable source for finding which products are currently certified and also includes a collection of detailed lab reports of the tests that are conducted on the products.
Kaspersky Lab Q3 Threat Report Shows Mobile Malware Growth and Continued Attacks to Online Banking
Vodafone UK Hacked?
Vodafone is a giant when it comes to telecommunication, so it was only a matter of time for someone to try their luck and get access to at least some of the customers’ data.
The post Vodafone UK Hacked? appeared first on Avira Blog.
USB Killer: the storage tool that destroys your computer
Despite the increase in the storage of files and documents on cloud-based systems, the humble USB is still playing an integral part in our lives. From offices to homes, this convenient tool is used for quickly and easily transferring files from one device to another.
However, just because they may seem harmless doesn’t mean they can’t give you cause for concern. If you have ever connected your USB to an infected computer it is likely that it has become infected with malware. What’s more, if you thought that a virus was the worst thing that could happen to your USB then you’re mistaken – a USB could, literally, fry your computer.
Russian security expert Dark Purple has recently proven this and has developed an updated version of his so-called USB Killer: a USB capable of destroying a laptop just by connecting the two devices.
His first device managed to discharge 110 volts of electricity on the USB port when it was connected, but the new USB Killer 2.0 has managed to further increase the voltage that it can transmit, making it capable of relative destruction. If we consider that a USB port can handle around 5 volts, his invention goes far beyond what the port is capable of tolerating, and in just a few seconds the USB Killer can destroy the motherboard.
In order to achieve this, the USB that he uses has been modified to use a DC-to-DC converter and various condensers. When it is connected, it begins to transmit an electrical current to the condensers, which turn into tension points as a consequence of this powerful charge.
The Dark Purple system not only manages to destroy computers with this method, but also any technological device that has a USB port. It doesn’t matter if it is a laptop, a desktop computer, or a tablet – this USB is designed to destroy the motherboard of any device, regardless of its size.
Although the investigator hasn’t carried out tests on all devices, his demonstration of the USB’s power in destroying a Lenovo ThinkPad X60 leaves us with little doubt as to the potential of the USB Killer 2.0. The effects of his demonstration were immediate: the computer automatically shut down and it was impossible to restart it.
You never know what they may have stored in them and it’s best not to take the risk, as they could contain dire malware. If you want to protect your computer or tablet you need to look beyond the programs that you have installed; you also need to be aware of the dangers that come from external sources.
The post USB Killer: the storage tool that destroys your computer appeared first on MediaCenter Panda Security.
SB15-306: Vulnerability Summary for the Week of October 26, 2015
Original release date: November 02, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — shockwave_player | Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2015-10-28 | 10.0 | CVE-2015-7649 CONFIRM |
apple — mac_os_x | The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified “type confusion” during Mach task processing. | 2015-10-23 | 7.2 | CVE-2015-5932 CONFIRM APPLE |
apple — mac_os_x | The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. | 2015-10-23 | 7.2 | CVE-2015-5945 CONFIRM APPLE |
apple — iphone_os | IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2015-10-23 | 9.3 | CVE-2015-6974 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. | 2015-10-23 | 8.8 | CVE-2015-6983 CONFIRM CONFIRM APPLE APPLE |
apple — mac_os_x | libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack. | 2015-10-23 | 8.8 | CVE-2015-6984 CONFIRM APPLE |
apple — iphone_os | The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement. | 2015-10-23 | 10.0 | CVE-2015-6988 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. | 2015-10-23 | 7.1 | CVE-2015-6994 CONFIRM CONFIRM APPLE APPLE |
apple — mac_os_x | Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors. | 2015-10-23 | 7.5 | CVE-2015-7007 CONFIRM APPLE |
apple — mac_os_x | The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app. | 2015-10-23 | 7.6 | CVE-2015-7016 CONFIRM APPLE |
apple — mac_os_x | The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors. | 2015-10-23 | 7.2 | CVE-2015-7021 CONFIRM APPLE |
cisco — adaptive_security_appliance_software | The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug IDs CSCus56252 and CSCus57142. | 2015-10-24 | 7.1 | CVE-2015-6324 CISCO |
cisco — adaptive_security_appliance_software | Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.4), 9.2 before 9.2(4), 9.3 before 9.3(3.1), and 9.4 before 9.4(1.1) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug ID CSCut03495. | 2015-10-24 | 7.1 | CVE-2015-6325 CISCO |
cisco — adaptive_security_appliance_software | Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug ID CSCuu07799. | 2015-10-24 | 7.8 | CVE-2015-6326 CISCO |
cisco — adaptive_security_appliance_software | The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of service (device reload) via crafted ISAKMP UDP packets, aka Bug ID CSCus94026. | 2015-10-24 | 7.8 | CVE-2015-6327 CISCO |
cisco — firesight_system_software | The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. | 2015-10-24 | 9.0 | CVE-2015-6335 CISCO |
fedoraproject — 389_directory_server | 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher. | 2015-10-29 | 7.5 | CVE-2015-3230 CONFIRM CONFIRM CONFIRM FEDORA |
ibm — general_parallel_file_system | IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. | 2015-10-25 | 7.2 | CVE-2015-4974 CONFIRM |
ibm — domino | Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040. | 2015-10-29 | 7.5 | CVE-2015-4994 CONFIRM |
ibm — cognos_disclosure_management | IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation. | 2015-10-25 | 9.3 | CVE-2015-5014 CONFIRM |
ibm — domino | Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994. | 2015-10-29 | 7.5 | CVE-2015-5040 CONFIRM |
ininet_solutions — scada_web_server | Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request. | 2015-10-24 | 10.0 | CVE-2015-1001 MISC |
janitza — umg_508 | The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. | 2015-10-28 | 7.5 | CVE-2015-3968 MISC |
janitza — umg_508 | The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239. | 2015-10-28 | 7.5 | CVE-2015-3971 MISC |
janitza — umg_508 | The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2015-10-28 | 10.0 | CVE-2015-3972 MISC |
joomla — joomla! | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | 2015-10-29 | 7.5 | CVE-2015-7297 MISC SECTRACK CONFIRM |
joomla — joomla! | SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. | 2015-10-29 | 7.5 | CVE-2015-7857 MISC SECTRACK CONFIRM |
joomla — joomla! | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | 2015-10-29 | 7.5 | CVE-2015-7858 MISC SECTRACK CONFIRM |
medicomp — medcin_engine | The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190. | 2015-10-29 | 7.5 | CVE-2015-6006 CERT-VN MISC |
owncloud — owncloud | Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. | 2015-10-26 | 7.5 | CVE-2015-6500 MISC CONFIRM |
owncloud — owncloud | The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to “objectstore.” | 2015-10-26 | 9.0 | CVE-2015-7699 CONFIRM CONFIRM DEBIAN |
rockwellautomation — micrologix_1100_firmware | Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. | 2015-10-28 | 10.0 | CVE-2015-6490 MISC |
rockwellautomation — micrologix_1100_firmware | Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. | 2015-10-28 | 7.8 | CVE-2015-6492 MISC |
sap — hana | The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. | 2015-10-27 | 7.5 | CVE-2015-7986 MISC MISC |
techno_project_japan — enisys_gw | SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2015-10-29 | 7.5 | CVE-2015-5668 CONFIRM JVNDB JVN |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3s-smart_software_solutions — codesys_gateway_server | 3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. | 2015-10-24 | 5.0 | CVE-2015-6484 MISC |
afnetworking_project — afnetworking | The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject’s Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2015-10-27 | 4.3 | CVE-2015-3996 CONFIRM CONFIRM CONFIRM BID |
apache — httpclient | http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. | 2015-10-27 | 4.3 | CVE-2015-5262 CONFIRM CONFIRM UBUNTU SECTRACK CONFIRM FEDORA FEDORA FEDORA |
apple — iphone_os | The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2015-10-23 | 6.8 | CVE-2015-5924 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926. | 2015-10-23 | 6.8 | CVE-2015-5925 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925. | 2015-10-23 | 6.8 | CVE-2015-5926 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942. | 2015-10-23 | 6.8 | CVE-2015-5927 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — itunes | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 2015-10-23 | 6.8 | CVE-2015-5928 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — itunes | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 2015-10-23 | 6.8 | CVE-2015-5929 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE |
apple — itunes | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 2015-10-23 | 6.8 | CVE-2015-5930 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE |
apple — itunes | WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 2015-10-23 | 6.8 | CVE-2015-5931 CONFIRM CONFIRM APPLE APPLE |
apple — mac_os_x | Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934. | 2015-10-23 | 6.8 | CVE-2015-5933 CONFIRM APPLE |
apple — mac_os_x | Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933. | 2015-10-23 | 6.8 | CVE-2015-5934 CONFIRM APPLE |
apple — iphone_os | ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939. | 2015-10-23 | 6.8 | CVE-2015-5935 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939. | 2015-10-23 | 6.8 | CVE-2015-5936 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939. | 2015-10-23 | 6.8 | CVE-2015-5937 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — mac_os_x | ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image. | 2015-10-23 | 6.8 | CVE-2015-5938 CONFIRM APPLE |
apple — iphone_os | ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937. | 2015-10-23 | 6.8 | CVE-2015-5939 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2015-10-23 | 6.8 | CVE-2015-5940 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927. | 2015-10-23 | 6.8 | CVE-2015-5942 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — mac_os_x | SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app. | 2015-10-23 | 4.3 | CVE-2015-5943 CONFIRM APPLE |
apple — mac_os_x | CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 2015-10-23 | 6.8 | CVE-2015-5944 CONFIRM APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 2015-10-23 | 6.8 | CVE-2015-6976 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 2015-10-23 | 6.8 | CVE-2015-6977 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 2015-10-23 | 6.8 | CVE-2015-6978 CONFIRM CONFIRM APPLE APPLE |
apple — mac_os_x | Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page. | 2015-10-23 | 6.8 | CVE-2015-6985 CONFIRM APPLE |
apple — iphone_os | Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls. | 2015-10-23 | 6.8 | CVE-2015-6989 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 2015-10-23 | 6.8 | CVE-2015-6990 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 2015-10-23 | 6.8 | CVE-2015-6991 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 2015-10-23 | 6.8 | CVE-2015-6993 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | 2015-10-23 | 6.8 | CVE-2015-6995 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | 2015-10-23 | 6.8 | CVE-2015-6996 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — itunes | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 2015-10-23 | 6.8 | CVE-2015-7002 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — mac_os_x | coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app. | 2015-10-23 | 6.8 | CVE-2015-7003 CONFIRM APPLE |
apple — iphone_os | Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive. | 2015-10-23 | 6.8 | CVE-2015-7006 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 2015-10-23 | 6.8 | CVE-2015-7008 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7010, and CVE-2015-7018. | 2015-10-23 | 6.8 | CVE-2015-7009 CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7018. | 2015-10-23 | 6.8 | CVE-2015-7010 CONFIRM CONFIRM APPLE APPLE |
apple — itunes | WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 2015-10-23 | 6.8 | CVE-2015-7011 CONFIRM CONFIRM APPLE APPLE |
apple — itunes | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 2015-10-23 | 6.8 | CVE-2015-7012 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE |
apple — itunes | WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 2015-10-23 | 6.8 | CVE-2015-7013 CONFIRM CONFIRM APPLE APPLE |
apple — itunes | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 2015-10-23 | 6.8 | CVE-2015-7014 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client. | 2015-10-23 | 6.8 | CVE-2015-7015 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE |
apple — iphone_os | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010. | 2015-10-23 | 6.8 | CVE-2015-7018 CONFIRM CONFIRM APPLE APPLE |
apple — mac_os_x | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020. | 2015-10-23 | 5.6 | CVE-2015-7019 CONFIRM APPLE |
apple — mac_os_x | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019. | 2015-10-23 | 5.6 | CVE-2015-7020 CONFIRM APPLE |
apple — iphone_os | CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | 2015-10-23 | 5.8 | CVE-2015-7023 CONFIRM CONFIRM APPLE APPLE |
cisco — asr_5000_software | The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280. | 2015-10-26 | 5.0 | CVE-2015-6340 CISCO |
cisco — wireless_lan_controller_software | The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610. | 2015-10-24 | 5.0 | CVE-2015-6341 CISCO |
cisco — asa_cx_context-aware_security_software | The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105. | 2015-10-30 | 4.0 | CVE-2015-6344 CISCO |
cisco — secure_access_control_server | SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. | 2015-10-30 | 6.5 | CVE-2015-6345 CISCO |
cisco — secure_access_control_server | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-10-30 | 4.3 | CVE-2015-6346 CISCO |
cisco — secure_access_control_server | The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. | 2015-10-30 | 4.0 | CVE-2015-6347 CISCO |
cisco — secure_access_control_server | The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. | 2015-10-30 | 4.0 | CVE-2015-6348 CISCO |
cisco — secure_access_control_server | Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-10-30 | 4.3 | CVE-2015-6349 CISCO |
cisco — prime_service_catalog | SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | 2015-10-30 | 6.5 | CVE-2015-6350 CISCO |
cisco — asr_5000_software | Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. | 2015-10-30 | 5.0 | CVE-2015-6351 CISCO |
cisco — hosted_collaboration_solution | Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. | 2015-10-30 | 4.3 | CVE-2015-6352 CISCO |
digia — qt | ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. | 2015-10-26 | 5.1 | CVE-2015-7298 CONFIRM |
epson — network_utility | EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | 2015-10-28 | 6.9 | CVE-2015-6034 CERT-VN CONFIRM |
fedoraproject — sssd | Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. | 2015-10-29 | 6.8 | CVE-2015-5292 CONFIRM CONFIRM CONFIRM MLIST FEDORA |
gnome — gdk-pixbuf | io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. | 2015-10-26 | 6.8 | CVE-2015-7673 UBUNTU CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM |
gnome — gdk-pixbuf | Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. | 2015-10-26 | 6.8 | CVE-2015-7674 UBUNTU CONFIRM MLIST MLIST MLIST MLIST CONFIRM |
ibm — websphere_portal | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. | 2015-10-28 | 5.0 | CVE-2014-8912 CONFIRM AIXAPAR |
ibm — websphere_portal | IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. | 2015-10-29 | 6.8 | CVE-2015-4997 CONFIRM AIXAPAR |
infinite_automation_systems — mango_automation | Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 2015-10-28 | 6.8 | CVE-2015-6493 MISC |
infinite_automation_systems — mango_automation | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page. | 2015-10-28 | 4.3 | CVE-2015-7900 MISC |
infinite_automation_systems — mango_automation | Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 2015-10-28 | 6.5 | CVE-2015-7901 MISC |
infinite_automation_systems — mango_automation | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests. | 2015-10-28 | 5.0 | CVE-2015-7902 MISC |
infinite_automation_systems — mango_automation | SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2015-10-28 | 6.5 | CVE-2015-7903 MISC |
infinite_automation_systems — mango_automation | Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. | 2015-10-28 | 6.5 | CVE-2015-7904 MISC |
ininet_solutions — scada_web_server | IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string. | 2015-10-24 | 6.4 | CVE-2015-1002 MISC |
ininet_solutions — scada_web_server | Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | 2015-10-24 | 5.0 | CVE-2015-1003 MISC |
janitza — umg_508 | Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users. | 2015-10-28 | 6.8 | CVE-2015-3967 MISC |
janitza — umg_508 | Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. | 2015-10-28 | 5.0 | CVE-2015-3969 MISC |
janitza — umg_508 | Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-10-28 | 4.3 | CVE-2015-3970 MISC |
janitza — umg_508 | Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values. | 2015-10-28 | 5.0 | CVE-2015-3973 MISC |
joomla — joomla! | The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2015-10-29 | 5.0 | CVE-2015-7859 SECTRACK CONFIRM |
joomla — joomla! | The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2015-10-29 | 5.0 | CVE-2015-7899 SECTRACK CONFIRM |
kallithea — kallithea | CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. | 2015-10-29 | 5.0 | CVE-2015-5285 CONFIRM EXPLOIT-DB MISC MISC |
librsync_project — librsync | librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. | 2015-10-26 | 5.8 | CVE-2014-8242 CONFIRM CONFIRM MISC CONFIRM MLIST MLIST MLIST SUSE FEDORA FEDORA FEDORA |
lockon — ec-cube | Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function. | 2015-10-26 | 5.1 | CVE-2015-5665 CONFIRM CONFIRM JVNDB JVN |
medicomp — medcin_engine | Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function. | 2015-10-29 | 6.8 | CVE-2015-2898 CERT-VN MISC |
medicomp — medcin_engine | Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet on port 8190. | 2015-10-29 | 6.8 | CVE-2015-2899 CERT-VN MISC |
medicomp — medcin_engine | The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190. | 2015-10-29 | 6.8 | CVE-2015-2900 CERT-VN MISC |
medicomp — medcin_engine | Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty function and (2) the GetProperty UdfCodeList function. | 2015-10-29 | 6.8 | CVE-2015-2901 CERT-VN MISC |
openstack — compute | OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. | 2015-10-26 | 6.8 | CVE-2015-3280 CONFIRM CONFIRM REDHAT |
openstack — swift | OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. | 2015-10-26 | 5.0 | CVE-2015-5223 CONFIRM CONFIRM CONFIRM MLIST REDHAT |
openstack — image_registry_and_delivery_service_(glance) | OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. | 2015-10-26 | 5.5 | CVE-2015-5251 CONFIRM CONFIRM REDHAT |
openstack — image_registry_and_delivery_service_(glance) | OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623. | 2015-10-26 | 6.8 | CVE-2015-5286 CONFIRM CONFIRM REDHAT |
openstack — compute | OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. | 2015-10-29 | 5.0 | CVE-2015-7713 CONFIRM CONFIRM CONFIRM |
owncloud — owncloud | ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. | 2015-10-29 | 5.0 | CVE-2015-5955 CONFIRM |
owncloud — owncloud | ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php. | 2015-10-26 | 4.0 | CVE-2015-6670 CONFIRM |
phpmyadmin — phpmyadmin | The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. | 2015-10-28 | 5.0 | CVE-2015-7873 CONFIRM CONFIRM |
polkit_project — polkit | The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. | 2015-10-26 | 4.6 | CVE-2015-3255 CONFIRM CONFIRM SUSE MLIST |
polkit_project — polkit | PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to “javascript rule evaluation.” | 2015-10-26 | 4.6 | CVE-2015-3256 CONFIRM SUSE MLIST |
polkit_project — polkit | Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. | 2015-10-26 | 4.6 | CVE-2015-4625 BID MLIST MLIST MLIST SUSE MLIST MLIST MLIST FEDORA FEDORA |
postgresql — postgresql | The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a “too-short” salt. | 2015-10-26 | 6.4 | CVE-2015-5288 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM FEDORA |
postgresql — postgresql | Multiple stack-based buffer overflows in json parsing in PostgreSQL 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. | 2015-10-26 | 6.4 | CVE-2015-5289 SECTRACK CONFIRM CONFIRM CONFIRM FEDORA CONFIRM |
redhat — jboss_enterprise_application_platform | The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. | 2015-10-27 | 4.3 | CVE-2015-5178 CONFIRM SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT |
redhat — jboss_enterprise_application_platform | Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission. | 2015-10-27 | 6.8 | CVE-2015-5188 CONFIRM CONFIRM SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT |
redhat — jboss_enterprise_application_platform | The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header. | 2015-10-27 | 5.0 | CVE-2015-5220 CONFIRM SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT |
rockwellautomation — micrologix_1100_firmware | SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2015-10-28 | 6.5 | CVE-2015-6486 MISC |
rockwellautomation — micrologix_1100_firmware | Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-10-28 | 4.3 | CVE-2015-6488 MISC |
rockwellautomation — micrologix_1100_firmware | Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. | 2015-10-28 | 4.0 | CVE-2015-6491 MISC |
techno_project_japan — enisys_gw | Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. | 2015-10-29 | 6.5 | CVE-2015-5669 CONFIRM JVNDB JVN |
techno_project_japan — enisys_gw | Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-10-29 | 4.3 | CVE-2015-5670 CONFIRM JVNDB JVN |
techno_project_japan — enisys_gw | Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. | 2015-10-29 | 5.0 | CVE-2015-5671 CONFIRM JVNDB JVN |
tibco — spotfire_analytics_platform_for_aws | Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL. | 2015-10-28 | 4.0 | CVE-2015-5712 CONFIRM CONFIRM |
tibco — spotfire_analytics_platform_for_aws | Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL. | 2015-10-28 | 5.0 | CVE-2015-5713 CONFIRM CONFIRM |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — mac_os_x | The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. | 2015-10-23 | 2.1 | CVE-2015-6987 CONFIRM APPLE |
colorbox_project — colorbox | The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and “add unexpected content to a Colorbox” via unspecified vectors, possibly related to a link in a comment. | 2015-10-26 | 3.5 | CVE-2015-7881 MISC CONFIRM |
ibm — general_parallel_file_system | IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors. | 2015-10-25 | 2.1 | CVE-2015-4981 CONFIRM |
ibm — integration_bus | IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | 2015-10-25 | 3.2 | CVE-2015-5011 AIXAPAR CONFIRM |
infinite_automation_systems — mango_automation | Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-10-28 | 3.5 | CVE-2015-6494 MISC |
ininet_solutions — scada_web_server | IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | 2015-10-24 | 2.1 | CVE-2015-1005 MISC |
numara — asset_manager | HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. | 2015-10-25 | 2.1 | CVE-2015-5448 HP |
openstack — neutron | Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied. | 2015-10-27 | 3.5 | CVE-2015-5240 CONFIRM CONFIRM CONFIRM MLIST REDHAT |
owncloud — owncloud_desktop_client | ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user’s certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate. | 2015-10-26 | 2.6 | CVE-2015-4456 CONFIRM CONFIRM |
polkit_project — polkit | The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. | 2015-10-26 | 2.1 | CVE-2015-3218 BID SUSE MLIST MLIST MLIST FEDORA FEDORA |
siemens — ruggedcom_rugged_operating_system | Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. | 2015-10-28 | 3.3 | CVE-2015-7836 MISC CONFIRM |
GLSA 201511-01: MirBSD Korn Shell: Arbitrary code execution
DSA-3390 xen – security update
It was discovered that the code to validate level 2 page table entries
is bypassed when certain conditions are satisfied. A malicious PV guest
administrator can take advantage of this flaw to gain privileges via a
crafted superpage mapping.