US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
Original release date: October 13, 2015
Google has released Chrome version 46.0.2490.71 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: October 13, 2015
Microsoft has released six updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system.
US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-106 through MS15-111 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: October 13, 2015
Adobe has released security updates to address multiple vulnerabilities in Reader, Acrobat, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletins APSB15-24 and APSB15-25 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: October 13, 2015
Microsoft Windows
Dridex is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language (XML) files to infect systems. The primary goal of Dridex is to infect computers, steal credentials, and obtain money from victims’ bank accounts. Operating primarily as a banking Trojan, Dridex is generally distributed through phishing email messages. The emails appear legitimate and are carefully crafted to entice the victim to click on a hyperlink or to open a malicious attached file. Once a computer has been infected, Dridex is capable of stealing user credentials through the use of surreptitious keystroke logging and web injects.
Users are recommended to take the following actions to remediate Dridex infections:
F-Secure
https://www.f-secure.com/en/web/home_global/online-scanner
McAfee
http://www.mcafee.com/uk/downloads/free-tools/stinger.aspx
Microsoft
http://www.microsoft.com/security/scanner/en-us/default.aspx
Sophos
https://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx
Trend Micro
http://housecall.trendmicro.com/
The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: October 12, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| anchorcms — anchor_cms | system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. | 2015-10-05 | 7.5 | CVE-2015-5687 CONFIRM FULLDISC FULLDISC |
| apple — safari | The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors. | 2015-10-09 | 10.0 | CVE-2015-5780 CONFIRM APPLE |
| apple — mac_os_x | The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877. | 2015-10-09 | 7.2 | CVE-2015-5830 CONFIRM APPLE |
| apple — mac_os_x | The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. | 2015-10-09 | 7.2 | CVE-2015-5833 CONFIRM APPLE |
| apple — mac_os_x | IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2015-10-09 | 9.3 | CVE-2015-5866 CONFIRM APPLE |
| apple — mac_os_x | IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890. | 2015-10-09 | 7.2 | CVE-2015-5871 CONFIRM APPLE |
| apple — mac_os_x | IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890. | 2015-10-09 | 7.2 | CVE-2015-5872 CONFIRM APPLE |
| apple — mac_os_x | IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890. | 2015-10-09 | 7.2 | CVE-2015-5873 CONFIRM APPLE |
| apple — mac_os_x | The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830. | 2015-10-09 | 7.2 | CVE-2015-5877 CONFIRM APPLE |
| apple — mac_os_x | The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. | 2015-10-09 | 10.0 | CVE-2015-5887 CONFIRM APPLE |
| apple — mac_os_x | The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. | 2015-10-09 | 7.2 | CVE-2015-5888 CONFIRM APPLE |
| apple — mac_os_x | rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. | 2015-10-09 | 7.2 | CVE-2015-5889 CONFIRM APPLE |
| apple — mac_os_x | IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. | 2015-10-09 | 7.2 | CVE-2015-5890 CONFIRM APPLE |
| apple — mac_os_x | The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2015-10-09 | 7.2 | CVE-2015-5891 CONFIRM APPLE |
| apple — mac_os_x | The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. | 2015-10-09 | 7.1 | CVE-2015-5900 CONFIRM APPLE |
| apple — watch_os | GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919. | 2015-10-09 | 7.2 | CVE-2015-5918 CONFIRM APPLE |
| apple — watch_os | GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5918. | 2015-10-09 | 7.2 | CVE-2015-5919 CONFIRM APPLE |
| arkeia — western_digital_arkeia | The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation. | 2015-10-05 | 10.0 | CVE-2015-7709 EXPLOIT-DB MISC MISC |
| canarylabs — trendweb | Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet. | 2015-10-02 | 7.5 | CVE-2015-5653 JVNDB JVN |
| cisco — vpn_client | Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. | 2015-10-06 | 7.2 | CVE-2015-7600 MISC |
| cybozu — garoon | Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges. | 2015-10-08 | 7.0 | CVE-2015-5649 CONFIRM JVNDB JVN |
| email-address_project — email-address | Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments. | 2015-10-05 | 7.8 | CVE-2015-7686 MLIST MLIST |
| freeswitch — freeswitch | Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing u in a json string to cJSON_Parse. | 2015-10-05 | 7.5 | CVE-2015-7392 CONFIRM BUGTRAQ MISC |
| glpi-project — glpi | Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/. | 2015-10-05 | 9.0 | CVE-2015-7684 CONFIRM CONFIRM FULLDISC |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. | 2015-10-06 | 10.0 | CVE-2015-3823 MLIST |
| google — android | The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. | 2015-10-06 | 9.3 | CVE-2015-3865 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. | 2015-10-06 | 10.0 | CVE-2015-3867 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. | 2015-10-06 | 10.0 | CVE-2015-3868 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. | 2015-10-06 | 10.0 | CVE-2015-3869 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. | 2015-10-06 | 10.0 | CVE-2015-3870 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. | 2015-10-06 | 10.0 | CVE-2015-3871 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. | 2015-10-06 | 10.0 | CVE-2015-3872 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716. | 2015-10-06 | 10.0 | CVE-2015-3873 MLIST |
| google — android | The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. | 2015-10-06 | 10.0 | CVE-2015-3874 MLIST |
| google — android | libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. | 2015-10-06 | 10.0 | CVE-2015-3875 MLIST |
| google — android | Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. | 2015-10-06 | 10.0 | CVE-2015-3877 MLIST |
| google — android | Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325. | 2015-10-06 | 9.3 | CVE-2015-3879 MLIST |
| google — android | mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. | 2015-10-06 | 9.3 | CVE-2015-6596 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. | 2015-10-06 | 10.0 | CVE-2015-6598 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. | 2015-10-06 | 10.0 | CVE-2015-6599 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. | 2015-10-06 | 10.0 | CVE-2015-6600 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. | 2015-10-06 | 10.0 | CVE-2015-6601 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. | 2015-10-06 | 10.0 | CVE-2015-6603 MLIST |
| google — android | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. | 2015-10-06 | 10.0 | CVE-2015-6604 MLIST |
| google — android | The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786. | 2015-10-06 | 9.3 | CVE-2015-6606 MLIST |
| google — android | libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873. | 2015-10-06 | 10.0 | CVE-2015-7716 MLIST |
| google — android | mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596. | 2015-10-06 | 9.3 | CVE-2015-7717 MLIST |
| ibm — qradar_security_information_and_event_manager | The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | 2015-10-03 | 9.0 | CVE-2015-2011 CONFIRM |
| ibm — qradar_security_information_and_event_manager | Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors. | 2015-10-03 | 9.0 | CVE-2015-2016 CONFIRM |
| ibm — qradar_security_information_and_event_manager | IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | 2015-10-03 | 9.0 | CVE-2015-4930 CONFIRM |
| konicaminolta — ftp_utility | Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command. | 2015-10-09 | 7.5 | CVE-2015-7767 EXPLOIT-DB EXPLOIT-DB |
| konicaminolta — ftp_utility | Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command. | 2015-10-09 | 7.5 | CVE-2015-7768 EXPLOIT-DB MISC MISC |
| mitsubishi_electric — melsec_fx3g | The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. | 2015-10-05 | 7.8 | CVE-2015-3938 MISC |
| python — python | Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says “It was determined that this is a longtime behavior of Python that cannot really be altered at this point.” | 2015-10-05 | 7.2 | CVE-2015-5652 JVNDB JVN MISC |
| zohocorp — manageengine_opmanager | ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of “plugin” for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password. | 2015-10-09 | 9.0 | CVE-2015-7765 EXPLOIT-DB CONFIRM MISC FULLDISC MISC |
| zohocorp — manageengine_opmanager | PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by “INSERT/**/INTO.” | 2015-10-09 | 9.0 | CVE-2015-7766 EXPLOIT-DB CONFIRM MISC FULLDISC MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 4homepages — 4images | Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php. | 2015-10-05 | 4.3 | CVE-2015-7708 FULLDISC MISC |
| ajaxplorer — ajaxplorer | Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. | 2015-10-05 | 5.0 | CVE-2015-5650 JVNDB JVN |
| apple — safari | The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. | 2015-10-09 | 4.3 | CVE-2015-5828 CONFIRM APPLE |
| apple — mac_os_x | Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | 2015-10-09 | 4.3 | CVE-2015-5836 CONFIRM APPLE |
| apple — mac_os_x | The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. | 2015-10-09 | 6.8 | CVE-2015-5849 CONFIRM APPLE |
| apple — mac_os_x | IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 2015-10-09 | 4.3 | CVE-2015-5865 CONFIRM APPLE |
| apple — mac_os_x | The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. | 2015-10-09 | 5.0 | CVE-2015-5883 CONFIRM APPLE |
| apple — mac_os_x | The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | 2015-10-09 | 4.3 | CVE-2015-5894 CONFIRM APPLE |
| apple — mac_os_x | The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | 2015-10-09 | 4.6 | CVE-2015-5897 CONFIRM APPLE |
| apple — mac_os_x | The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | 2015-10-09 | 4.9 | CVE-2015-5902 CONFIRM APPLE |
| apple — mac_os_x | Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | 2015-10-09 | 6.8 | CVE-2015-5913 CONFIRM APPLE |
| apple — mac_os_x | The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a “Thunderstrike” issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. | 2015-10-09 | 4.7 | CVE-2015-5914 MISC CONFIRM APPLE |
| apple — mac_os_x | Apple OS X before 10.11 does not ensure that the keychain’s lock state is displayed correctly, which has unspecified impact and attack vectors. | 2015-10-09 | 5.0 | CVE-2015-5915 CONFIRM APPLE |
| apple — mac_os_x | libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761. | 2015-10-09 | 5.0 | CVE-2015-7760 CONFIRM APPLE |
| apple — mac_os_x | Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. | 2015-10-09 | 5.0 | CVE-2015-7761 CONFIRM APPLE |
| cisco — nx-os | Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684. | 2015-10-02 | 4.0 | CVE-2015-6308 CISCO |
| cisco — email_security_appliance | Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211. | 2015-10-02 | 6.8 | CVE-2015-6309 CISCO |
| cisco — unified_communications_manager_im_and_presence_service | The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632. | 2015-10-08 | 5.0 | CVE-2015-6310 CISCO |
| cisco — wireless_lan_controller | Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236. | 2015-10-08 | 6.1 | CVE-2015-6311 CISCO |
| dotclear — dotclear | Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-10-03 | 4.3 | CVE-2015-5651 CONFIRM JVNDB JVN |
| e-catchup — basercms | baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. | 2015-10-05 | 6.5 | CVE-2015-5640 JVNDB JVN CONFIRM |
| e-catchup — basercms | SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2015-10-05 | 6.5 | CVE-2015-5641 JVNDB JVN CONFIRM |
| glpi-project — glpi | GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | 2015-10-05 | 4.0 | CVE-2015-7685 CONFIRM CONFIRM FULLDISC |
| gollum_project — gollum | The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. | 2015-10-05 | 4.3 | CVE-2015-7314 CONFIRM CONFIRM MLIST JVNDB JVN |
| google — android | Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | 2015-10-06 | 6.4 | CVE-2015-3847 MLIST |
| google — android | mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. | 2015-10-06 | 5.0 | CVE-2015-3862 MLIST |
| google — android | Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal bug 23345192. | 2015-10-06 | 4.3 | CVE-2015-3878 MLIST |
| google — android | mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718. | 2015-10-06 | 5.0 | CVE-2015-6605 MLIST |
| google — android | mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605. | 2015-10-06 | 5.0 | CVE-2015-7718 MLIST |
| ibm — openpages_grc_platform | IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. | 2015-10-03 | 4.0 | CVE-2015-0141 CONFIRM |
| ibm — openpages_grc_platform | IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. | 2015-10-03 | 4.0 | CVE-2015-0142 CONFIRM |
| ibm — openpages_grc_platform | IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. | 2015-10-03 | 4.0 | CVE-2015-0143 CONFIRM |
| ibm — openpages_grc_platform | Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2015-10-03 | 6.8 | CVE-2015-0145 CONFIRM |
| ibm — content_template_catalog | Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-10-03 | 4.3 | CVE-2015-0195 CONFIRM |
| ibm — change_and_configuration_management_database | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file. | 2015-10-03 | 5.0 | CVE-2015-1934 CONFIRM |
| ibm — websphere_extreme_scale | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2015-10-03 | 4.3 | CVE-2015-2025 CONFIRM AIXAPAR AIXAPAR |
| ibm — websphere_extreme_scale | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2015-10-03 | 6.0 | CVE-2015-2026 CONFIRM AIXAPAR AIXAPAR |
| ibm — websphere_extreme_scale | CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 2015-10-03 | 4.3 | CVE-2015-2028 CONFIRM AIXAPAR AIXAPAR |
| ibm — websphere_extreme_scale | Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier. | 2015-10-03 | 4.3 | CVE-2015-2029 CONFIRM AIXAPAR AIXAPAR |
| ibm — websphere_extreme_scale | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2015-10-03 | 5.0 | CVE-2015-2030 CONFIRM AIXAPAR AIXAPAR |
| ibm — emptoris_program_management | Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-10-05 | 4.3 | CVE-2015-4939 CONFIRM |
| ibm — urbancode_deploy | IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process. | 2015-10-05 | 6.0 | CVE-2015-4964 CONFIRM |
| ibm — change_and_configuration_management_database | maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file. | 2015-10-05 | 4.0 | CVE-2015-4965 CONFIRM |
| ibm — change_and_configuration_management_database | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2015-10-05 | 6.5 | CVE-2015-4967 CONFIRM |
| ibm — b2b_advanced_communications | Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-10-05 | 4.3 | CVE-2015-4973 CONFIRM AIXAPAR |
| ibm — b2b_advanced_communications | IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields. | 2015-10-05 | 4.3 | CVE-2015-5022 CONFIRM AIXAPAR |
| ibm — emptoris_sourcing | IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors. | 2015-10-05 | 4.0 | CVE-2015-5024 CONFIRM |
| icz — matchasns | Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2015-10-05 | 6.5 | CVE-2015-5642 CONFIRM JVNDB JVN |
| icz — matchasns | The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 2015-10-05 | 6.8 | CVE-2015-5643 CONFIRM JVNDB JVN |
| icz — matchasns | The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 2015-10-05 | 6.8 | CVE-2015-5644 CONFIRM JVNDB JVN |
| icz — matchasns | ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. | 2015-10-05 | 6.5 | CVE-2015-5645 CONFIRM JVNDB JVN |
| igniterealtime — openfire | Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. | 2015-10-05 | 6.5 | CVE-2015-7707 EXPLOIT-DB MISC MISC MISC |
| juniper — pulse_connect_secure | The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests. | 2015-10-05 | 5.0 | CVE-2015-7322 MISC CONFIRM |
| luke_mewburn — tnftpd | The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. | 2015-10-09 | 5.0 | CVE-2015-5917 MISC CONFIRM MISC APPLE |
| ntp — ntp | ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. | 2015-10-05 | 5.8 | CVE-2014-9750 CERT-VN CONFIRM CONFIRM CONFIRM |
| ntp — ntp | The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine’s network interface with a packet from the ::1 address. | 2015-10-05 | 6.8 | CVE-2014-9751 CERT-VN CONFIRM CONFIRM CONFIRM |
| omron — cx-programmer | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. | 2015-10-05 | 5.0 | CVE-2015-0987 MISC |
| simpestreams_project — simplestreams | Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response. | 2015-10-09 | 6.8 | CVE-2015-1337 CONFIRM UBUNTU UBUNTU |
| sqlite — sqlite | SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. | 2015-10-06 | 6.8 | CVE-2015-6607 MLIST CONFIRM |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — mac_os_x | The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. | 2015-10-09 | 1.9 | CVE-2015-3785 CONFIRM APPLE |
| apple — mac_os_x | AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. | 2015-10-09 | 3.3 | CVE-2015-5853 CONFIRM APPLE |
| apple — mac_os_x | The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. | 2015-10-09 | 2.1 | CVE-2015-5854 CONFIRM APPLE |
| apple — mac_os_x | IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | 2015-10-09 | 2.1 | CVE-2015-5864 CONFIRM APPLE |
| apple — mac_os_x | The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | 2015-10-09 | 2.1 | CVE-2015-5870 CONFIRM APPLE |
| apple — mac_os_x | Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. | 2015-10-09 | 2.1 | CVE-2015-5875 CONFIRM APPLE |
| apple — mac_os_x | Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | 2015-10-09 | 2.1 | CVE-2015-5878 CONFIRM APPLE |
| apple — mac_os_x | The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. | 2015-10-09 | 3.3 | CVE-2015-5884 CONFIRM APPLE |
| apple — mac_os_x | SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | 2015-10-09 | 2.1 | CVE-2015-5893 CONFIRM APPLE |
| apple — mac_os_x | The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | 2015-10-09 | 2.1 | CVE-2015-5901 CONFIRM APPLE |
| apple — iphone_os | Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. | 2015-10-09 | 2.1 | CVE-2015-5923 CONFIRM APPLE |
| ibm — openpages_grc_platform | Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144. | 2015-10-03 | 3.5 | CVE-2014-8916 CONFIRM |
| ibm — openpages_grc_platform | Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916. | 2015-10-03 | 3.5 | CVE-2015-0144 CONFIRM |
| ibm — content_navigator | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-10-03 | 3.5 | CVE-2015-1888 CONFIRM |
| ibm — change_and_configuration_management_database | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 2015-10-03 | 2.1 | CVE-2015-1933 CONFIRM |
| ibm — tivoli_common_reporting | Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-10-03 | 3.5 | CVE-2015-1969 CONFIRM |
| ibm — urbancode_build | Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-10-03 | 3.5 | CVE-2015-1983 CONFIRM |
| ibm — tivoli_storage_flashcopy_manager | Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-10-03 | 3.5 | CVE-2015-1988 CONFIRM |
| ibm — websphere_extreme_scale | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | 2015-10-03 | 2.1 | CVE-2015-2027 CONFIRM AIXAPAR AIXAPAR |
| ibm — websphere_extreme_scale | Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-10-03 | 3.5 | CVE-2015-2031 CONFIRM AIXAPAR AIXAPAR |
| ibm — change_and_configuration_management_database | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-10-05 | 3.5 | CVE-2015-4944 CONFIRM |
| ibm — business_process_manager | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-10-03 | 3.5 | CVE-2015-4955 CONFIRM AIXAPAR AIXAPAR AIXAPAR |
| ibm — emptoris | Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-10-05 | 3.5 | CVE-2015-4971 CONFIRM |
| ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | 2015-10-05 | 3.5 | CVE-2015-4992 CONFIRM AIXAPAR |
| juniper — pulse_connect_secure | The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. | 2015-10-05 | 3.5 | CVE-2015-7323 MISC MISC CONFIRM FULLDISC |
| omron — cx-programmer | Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. | 2015-10-05 | 2.1 | CVE-2015-0988 MISC |
| omron — cx-programmer | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. | 2015-10-05 | 2.1 | CVE-2015-1015 MISC |
| symantec — netbackup_opscenter | Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-10-05 | 3.5 | CVE-2015-6549 CONFIRM BID |
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: October 08, 2015
The Internet Crime Complaint Center (IC3) has issued an alert to consumers and merchants about the security risks involved with EMV Cards. An EMV card is a credit or debit card with a microchip that helps protect cardholder data. However, EMV cards may still be vulnerable to exploitation.
US-CERT encourages consumers and merchants to review the IC3 Alert for information on EMV card vulnerabilities and proactive defensive measures.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: October 05, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apport_project — apport | kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. | 2015-10-01 | 7.2 | CVE-2015-1338 CONFIRM EXPLOIT-DB CONFIRM UBUNTU MISC FULLDISC MISC |
| bisonware — bisonftp | Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command. | 2015-09-29 | 7.8 | CVE-2015-7602 EXPLOIT-DB |
| cisco — ios | The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S does not properly implement the Control Plane Protection (aka CPPr) feature, which allows remote attackers to cause a denial of service (device reload) via a flood of ND packets, aka Bug ID CSCus19794. | 2015-09-27 | 7.8 | CVE-2015-6278 CONFIRM CISCO |
| cisco — ios | The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400. | 2015-09-27 | 7.8 | CVE-2015-6279 CONFIRM CISCO |
| cisco — ios | The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013. | 2015-09-27 | 9.3 | CVE-2015-6280 CONFIRM CISCO |
| cisco — ios_xe | Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933. | 2015-09-25 | 7.8 | CVE-2015-6282 CISCO |
| cisco — anyconnect_secure_mobility_client | Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211. | 2015-09-25 | 7.2 | CVE-2015-6305 MISC CISCO |
| cisco — anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947. | 2015-09-25 | 7.2 | CVE-2015-6306 CISCO |
| codepeople — appointment_booking_calendar | SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. | 2015-09-29 | 7.5 | CVE-2015-7319 CONFIRM BUGTRAQ |
| datalex — airline_booking_software | Datalex airline booking software before 2015-09-03 allows remote attackers to read or write to arbitrary user data via a modified profileId parameter to (1) ValidateFormAction.do or (2) ProfileConfirmEditAddressAction.do. | 2015-10-01 | 7.5 | CVE-2015-2858 CERT-VN |
| easyio — easyio-30p-sf | EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors. | 2015-09-27 | 9.0 | CVE-2015-3974 MISC |
| emc — rsa_certificate_manager | Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | 2015-10-01 | 7.8 | CVE-2015-4546 BUGTRAQ |
| endian_firewall — endian_firewall | Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. | 2015-09-28 | 10.0 | CVE-2015-5082 EXPLOIT-DB EXPLOIT-DB EXPLOIT-DB MISC |
| google — android | Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708. | 2015-09-30 | 10.0 | CVE-2014-7915 CONFIRM MISC |
| google — android | Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751. | 2015-09-30 | 10.0 | CVE-2014-7916 CONFIRM MISC |
| google — android | Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615. | 2015-09-30 | 10.0 | CVE-2014-7917 CONFIRM MISC |
| google — android | Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application’s privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482. | 2015-09-30 | 9.3 | CVE-2015-1528 MLIST CONFIRM CONFIRM |
| google — android | Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945. | 2015-09-30 | 8.5 | CVE-2015-1536 MLIST CONFIRM |
| google — android | Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. | 2015-09-30 | 10.0 | CVE-2015-1538 MLIST CONFIRM |
| google — android | Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. | 2015-09-30 | 10.0 | CVE-2015-1539 MLIST CONFIRM |
| google — android | The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. | 2015-09-30 | 10.0 | CVE-2015-3824 MLIST CONFIRM |
| google — android | The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. | 2015-09-30 | 9.3 | CVE-2015-3827 MLIST CONFIRM |
| google — android | The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. | 2015-09-30 | 10.0 | CVE-2015-3828 MLIST CONFIRM |
| google — android | Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. | 2015-09-30 | 10.0 | CVE-2015-3829 MLIST CONFIRM |
| google — android | Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 19400722. | 2015-09-30 | 9.3 | CVE-2015-3831 MLIST CONFIRM |
| google — android | Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. | 2015-09-30 | 10.0 | CVE-2015-3832 MLIST CONFIRM |
| google — android | Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug 20222489. | 2015-09-30 | 10.0 | CVE-2015-3834 MLIST CONFIRM |
| google — android | Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516. | 2015-09-30 | 9.3 | CVE-2015-3835 MLIST CONFIRM CONFIRM |
| google — android | The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860. | 2015-09-30 | 10.0 | CVE-2015-3836 MLIST CONFIRM |
| google — android | The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603. | 2015-09-30 | 9.3 | CVE-2015-3837 MLIST CONFIRM |
| google — android | Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516. | 2015-09-30 | 9.3 | CVE-2015-3842 MLIST CONFIRM |
| google — android | The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171. | 2015-09-30 | 9.3 | CVE-2015-3843 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
| google — android | The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255. | 2015-09-30 | 9.3 | CVE-2015-3849 MLIST CONFIRM CONFIRM |
| google — android | The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646. | 2015-09-30 | 9.3 | CVE-2015-3858 MLIST CONFIRM |
| google — android | packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934. | 2015-09-30 | 7.2 | CVE-2015-3860 MLIST CONFIRM CONFIRM MISC |
| google — android | Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399. | 2015-09-30 | 9.3 | CVE-2015-3863 MLIST CONFIRM |
| google — android | Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824. | 2015-09-30 | 10.0 | CVE-2015-3864 MLIST CONFIRM |
| google — android | libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. | 2015-10-01 | 9.3 | CVE-2015-3876 MISC MISC |
| google — android | SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7915, CVE-2014-7916, and/or CVE-2014-7917. | 2015-09-30 | 10.0 | CVE-2015-6575 MLIST CONFIRM |
| google — android | libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | 2015-10-01 | 9.3 | CVE-2015-6602 MISC MISC |
| h5ai_project — h5ai | Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the href parameter. | 2015-09-28 | 7.5 | CVE-2015-3203 EXPLOIT-DB CONFIRM |
| indusoft — web_studio | The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649. | 2015-09-25 | 7.5 | CVE-2015-7374 CONFIRM |
| indusoft — web_studio | Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file. | 2015-09-25 | 7.5 | CVE-2015-7375 CONFIRM |
| konicaminolta — ftp_utility | Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a .. (dot dot backslash) in a RETR command. | 2015-09-29 | 7.8 | CVE-2015-7603 EXPLOIT-DB MISC |
| linuxcontainers — lxc | lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | 2015-10-01 | 7.2 | CVE-2015-1335 MLIST CONFIRM CONFIRM UBUNTU MLIST |
| pcman’s_ftp_server_project — pcman’s_ftp_server | Directory traversal vulnerability in PCMan’s FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. | 2015-09-29 | 7.8 | CVE-2015-7601 EXPLOIT-DB |
| qemu — qemu | Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | 2015-09-28 | 7.2 | CVE-2015-5279 MLIST SECTRACK MLIST CONFIRM |
| refbase — refbase | install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. | 2015-09-27 | 7.5 | CVE-2015-6008 CERT-VN |
| refbase — refbase | Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382. | 2015-09-27 | 7.5 | CVE-2015-6009 CERT-VN |
| refbase — refbase | Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | 2015-09-27 | 7.5 | CVE-2015-7381 CERT-VN |
| refbase — refbase | SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009. | 2015-09-27 | 7.5 | CVE-2015-7382 CERT-VN |
| roaring_penguin — remind | Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. | 2015-09-28 | 10.0 | CVE-2015-5957 MLIST MLIST MLIST SUSE |
| x2engine — x2crm | Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension. | 2015-09-29 | 7.5 | CVE-2015-5074 MISC CONFIRM FULLDISC |
| zohocorp — manageengine_eventlog_analyzer | ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by “SELECT 1;INSERT INTO.” | 2015-09-28 | 7.5 | CVE-2015-7387 EXPLOIT-DB FULLDISC MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adnovum — nevisauth | The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate. | 2015-09-28 | 5.0 | CVE-2015-5372 BUGTRAQ MISC MISC MISC |
| advantech — webaccess | Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions. | 2015-09-27 | 6.9 | CVE-2014-9202 MISC |
| cisco — wireless_lan_controller_software | The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419. | 2015-09-25 | 5.0 | CVE-2015-6302 CISCO |
| cisco — firepower | Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871. | 2015-09-27 | 6.1 | CVE-2015-6307 CISCO |
| codepeople — appointment_booking_calendar | Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-29 | 4.3 | CVE-2015-7320 CONFIRM BUGTRAQ BUGTRAQ |
| codewrights — hart_comm_dtm | CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-09-27 | 5.8 | CVE-2015-6463 MISC |
| cubecart — cubecart | classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter. | 2015-09-28 | 6.8 | CVE-2015-6928 CONFIRM FULLDISC MISC |
| emc — rsa_identity_management_and_governance | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-25 | 4.3 | CVE-2015-4539 BUGTRAQ |
| emc — rsa_archer_grc | EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. | 2015-09-25 | 6.5 | CVE-2015-4542 BUGTRAQ |
| emc — rsa_archer_grc | EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields. | 2015-09-25 | 4.0 | CVE-2015-4543 BUGTRAQ |
| everest — peakhmi | Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service (incorrect pointer dereference and daemon crash) via a crafted packet. | 2015-09-25 | 5.0 | CVE-2015-6454 MISC |
| freeimage_project — freeimage | Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. | 2015-09-29 | 5.0 | CVE-2015-0852 CONFIRM MLIST FEDORA |
| gnu — glibc | Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. | 2015-09-28 | 6.8 | CVE-2015-1781 MLIST CONFIRM CONFIRM REDHAT BID SUSE |
| gnu — gnu_screen | The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value. | 2015-09-28 | 5.0 | CVE-2015-6806 CONFIRM MLIST MLIST MLIST DEBIAN CONFIRM |
| google — android | The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745. | 2015-09-30 | 4.3 | CVE-2015-1541 MLIST CONFIRM |
| google — android | The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828. | 2015-09-30 | 5.0 | CVE-2015-3826 MLIST CONFIRM |
| google — android | The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted application, aka internal bug 20034603. | 2015-09-30 | 4.3 | CVE-2015-3833 MLIST CONFIRM MISC |
| google — android | The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings application, aka internal bug 21669445. | 2015-09-30 | 6.8 | CVE-2015-3844 MLIST CONFIRM |
| google — android | The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application’s privileges via a crafted application, aka internal bug 17312693. | 2015-09-30 | 6.8 | CVE-2015-3845 MLIST CONFIRM |
| google — android | Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device inoperability) via crafted Matroska data, aka internal bug 21296336. | 2015-09-30 | 5.0 | CVE-2015-3861 MLIST CONFIRM |
| hp — integrated_lights-out_3_firmware | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. | 2015-09-29 | 4.0 | CVE-2015-5435 HP |
| hp — software_update | Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. | 2015-09-29 | 4.6 | CVE-2015-5442 HP |
| ibc_solar — danfoss_tlx_pro+ | The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors. | 2015-09-25 | 5.0 | CVE-2015-6469 MISC |
| ibc_solar — danfoss_tlx_pro+ | IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code. | 2015-09-25 | 5.0 | CVE-2015-6474 MISC |
| ibc_solar — danfoss_tlx_pro+ | Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-25 | 4.3 | CVE-2015-6475 MISC |
| ipython — notebook | The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types. | 2015-09-29 | 6.8 | CVE-2015-7337 CONFIRM CONFIRM CONFIRM MLIST MLIST FEDORA |
| mcafee — vulnerability_manager | Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | 2015-10-01 | 6.8 | CVE-2015-7612 CONFIRM SECTRACK |
| nvidia — display_driver | The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call. | 2015-09-29 | 6.9 | CVE-2015-5950 HP CONFIRM |
| open-xchange — open-xchange_appsuite | Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties. | 2015-09-28 | 4.3 | CVE-2015-5375 BUGTRAQ CONFIRM |
| open-xchange_ox_guard — open-xchange_ox_guard | SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2015-09-28 | 6.5 | CVE-2015-5703 BUGTRAQ CONFIRM |
| open_source_point_of_sale_project — open_source_point_of_sale | Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-29 | 4.0 | CVE-2015-0299 MISC |
| refbase — refbase | Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. | 2015-09-27 | 6.8 | CVE-2015-6007 CERT-VN |
| refbase — refbase | Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php. | 2015-09-27 | 4.3 | CVE-2015-6010 CERT-VN |
| refbase — refbase | Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php. | 2015-09-27 | 5.0 | CVE-2015-6011 CERT-VN |
| refbase — refbase | Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter. | 2015-09-27 | 5.8 | CVE-2015-6012 CERT-VN |
| refbase — refbase | Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter to install.php or the (5) adminUserName parameter to update.php. | 2015-09-27 | 4.3 | CVE-2015-7383 CERT-VN |
| resource_data_management_data_manager — data_manager | Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-09-25 | 6.8 | CVE-2015-6468 MISC |
| resource_data_management_data_manager — data_manager | Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors. | 2015-09-25 | 5.5 | CVE-2015-6470 MISC |
| rpcbind_project — rpcbind | Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. | 2015-10-01 | 5.0 | CVE-2015-7236 FREEBSD UBUNTU MLIST MLIST MLIST DEBIAN |
| splunk — splunk | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-29 | 4.3 | CVE-2015-7604 CONFIRM SECTRACK |
| squid-cache — squid | Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | 2015-09-28 | 6.8 | CVE-2015-5400 CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST MLIST MLIST DEBIAN |
| standards_based_linux_instrumentation — sblim-sfcb | The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. | 2015-09-28 | 5.0 | CVE-2015-5185 MLIST SUSE |
| tibco — managed_file_transfer_command_center | TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request. | 2015-09-29 | 4.0 | CVE-2015-5711 CONFIRM CONFIRM |
| x2engine — x2crm | Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create. | 2015-09-29 | 6.8 | CVE-2015-5075 MISC FULLDISC |
| x2engine — x2crm | Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg, (5) bgc, or (6) font parameter in protected/views/site/listener.php; the (7) Services[*] parameter in protected/components/views/webForm.php; the (8) file parameter in protected/components/TranslationManager.php; the (9) x2_key parameter in protected/tests/webscripts/x2WebTrackingTestPages/customWebLeadCaptureScriptTest.php; the (10) id parameter in protected/modules/contacts/controllers/ContactsController.php; or the (11) lastEventId parameter to index.php/profile/getEvents. | 2015-09-29 | 4.3 | CVE-2015-5076 MISC CONFIRM FULLDISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| emc — rsa_identity_management_and_governance | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-25 | 3.5 | CVE-2015-4540 BUGTRAQ |
| emc — rsa_archer_grc | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-25 | 3.5 | CVE-2015-4541 BUGTRAQ |
| ghozylab — gallery_-_photo_albums_-_portfolio | Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery – Photo Albums – Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields. | 2015-09-28 | 3.5 | CVE-2015-7386 MISC MISC |
| openvz — vzctl | vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel. | 2015-09-28 | 3.6 | CVE-2015-6927 CONFIRM CONFIRM DEBIAN |
| xen — xen | libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | 2015-10-01 | 3.6 | CVE-2015-7311 CONFIRM CONFIRM SECTRACK FEDORA FEDORA FEDORA |
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: October 01, 2015
VMware has released security updates to address security vulnerabilities in vCenter and ESXi. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0007 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: September 30, 2015
Apple has released security updates for OS X El Capitan, Safari, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow an attacker to run arbitrary code.
Available updates include:
US-CERT encourages users and administrators to review Apple security updates for OS X El Capitan, Safari, and iOS and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: September 28, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 3s-smart — codesys_gateway_server | Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.47 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0. | 2015-09-18 | 7.5 | CVE-2015-6460 MISC MISC MISC |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5579. | 2015-09-22 | 10.0 | CVE-2015-5567 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors. | 2015-09-22 | 10.0 | CVE-2015-5568 CONFIRM |
| adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682. | 2015-09-22 | 10.0 | CVE-2015-5570 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion.” | 2015-09-22 | 10.0 | CVE-2015-5573 CONFIRM |
| adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682. | 2015-09-22 | 10.0 | CVE-2015-5574 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. | 2015-09-22 | 10.0 | CVE-2015-5575 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. | 2015-09-22 | 10.0 | CVE-2015-5577 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. | 2015-09-22 | 10.0 | CVE-2015-5578 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5567. | 2015-09-22 | 10.0 | CVE-2015-5579 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. | 2015-09-22 | 10.0 | CVE-2015-5580 CONFIRM |
| adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5584, and CVE-2015-6682. | 2015-09-22 | 10.0 | CVE-2015-5581 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5588, and CVE-2015-6677. | 2015-09-22 | 10.0 | CVE-2015-5582 CONFIRM |
| adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-6682. | 2015-09-22 | 10.0 | CVE-2015-5584 CONFIRM |
| adobe — air | Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors. | 2015-09-22 | 10.0 | CVE-2015-5587 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-6677. | 2015-09-22 | 10.0 | CVE-2015-5588 CONFIRM |
| adobe — air | Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6678. | 2015-09-22 | 10.0 | CVE-2015-6676 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-5588. | 2015-09-22 | 10.0 | CVE-2015-6677 CONFIRM |
| adobe — air | Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676. | 2015-09-22 | 10.0 | CVE-2015-6678 CONFIRM |
| adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584. | 2015-09-22 | 10.0 | CVE-2015-6682 CONFIRM |
| apple — mac_os_x_server | Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. | 2015-09-18 | 10.0 | CVE-2015-5911 CONFIRM APPLE |
| avira — management_console | Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. | 2015-09-21 | 10.0 | CVE-2015-7303 MISC |
| boxoft — boxoft_wav_to_mp3_converter | Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file. | 2015-09-18 | 7.5 | CVE-2015-7243 EXPLOIT-DB MISC |
| cisco — prime_collaboration_assurance | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652. | 2015-09-19 | 9.0 | CVE-2015-4304 CISCO |
| cisco — prime_collaboration_assurance | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334. | 2015-09-19 | 8.5 | CVE-2015-4306 CISCO |
| cisco — prime_collaboration_provisioning | The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111. | 2015-09-19 | 9.0 | CVE-2015-4307 CISCO |
| cisco — telepresence_server_software | Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277. | 2015-09-20 | 7.8 | CVE-2015-6284 CISCO |
| cisco — prime_network_registrar | Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825. | 2015-09-18 | 7.2 | CVE-2015-6296 CISCO |
| ge — mds_pulsenet | GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. | 2015-09-18 | 9.0 | CVE-2015-6456 MISC MISC CONFIRM |
| ge — mds_pulsenet | Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. | 2015-09-18 | 10.0 | CVE-2015-6459 MISC MISC CONFIRM |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-09-24 | 7.5 | CVE-2015-4500 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-09-24 | 7.5 | CVE-2015-4501 CONFIRM CONFIRM CONFIRM |
| mozilla — firefox | Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. | 2015-09-24 | 7.5 | CVE-2015-4509 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs. | 2015-09-24 | 9.3 | CVE-2015-4516 CONFIRM CONFIRM |
| mozilla — firefox | NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | 2015-09-24 | 7.5 | CVE-2015-4517 CONFIRM CONFIRM |
| mozilla — firefox | The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | 2015-09-24 | 7.5 | CVE-2015-4521 CONFIRM CONFIRM |
| mozilla — firefox | The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an “overflow.” | 2015-09-24 | 7.5 | CVE-2015-4522 CONFIRM CONFIRM |
| mozilla — firefox | The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an “overflow.” | 2015-09-24 | 7.5 | CVE-2015-7174 CONFIRM CONFIRM |
| mozilla — firefox | The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an “overflow.” | 2015-09-24 | 7.5 | CVE-2015-7175 CONFIRM CONFIRM |
| mozilla — firefox | The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. | 2015-09-24 | 7.5 | CVE-2015-7176 CONFIRM CONFIRM |
| mozilla — firefox | The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | 2015-09-24 | 7.5 | CVE-2015-7177 CONFIRM CONFIRM |
| mozilla — firefox | The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content. | 2015-09-24 | 7.5 | CVE-2015-7178 CONFIRM CONFIRM |
| mozilla — firefox | The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content. | 2015-09-24 | 7.5 | CVE-2015-7179 CONFIRM CONFIRM |
| mozilla — firefox | The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | 2015-09-24 | 7.5 | CVE-2015-7180 CONFIRM CONFIRM |
| philippine_long_distance_telephone — kasda_kw58293_firmware | Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service (device outage) via a long ipaddr parameter. | 2015-09-21 | 7.8 | CVE-2015-5993 CERT-VN |
| sap — netweaver_j2ee_engine | SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2015-09-18 | 7.5 | CVE-2015-7239 MISC |
| securifi — almond-2015_firmware | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. | 2015-09-21 | 7.3 | CVE-2015-2915 CERT-VN |
| sqlite — sqlite | Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. | 2015-09-18 | 10.0 | CVE-2015-5895 CONFIRM APPLE |
| symantec — web_gateway | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a “redirect.” | 2015-09-20 | 8.5 | CVE-2015-5690 MISC CONFIRM BID |
| symantec — web_gateway | admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | 2015-09-20 | 7.9 | CVE-2015-5692 MISC CONFIRM BID |
| symantec — web_gateway | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to “traffic capture.” | 2015-09-20 | 7.9 | CVE-2015-5693 MISC CONFIRM BID |
| symantec — web_gateway | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. | 2015-09-20 | 8.3 | CVE-2015-6547 CONFIRM BID |
| vboxcomm — satellite_express_protocol | The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call. | 2015-09-21 | 7.2 | CVE-2015-6923 MISC EXPLOIT-DB BUGTRAQ FULLDISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333. | 2015-09-22 | 4.3 | CVE-2015-5571 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 2015-09-22 | 5.0 | CVE-2015-5572 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. | 2015-09-22 | 5.0 | CVE-2015-5576 CONFIRM |
| adobe — air | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. | 2015-09-22 | 5.0 | CVE-2015-6679 CONFIRM |
| apple — iphone_os | The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. | 2015-09-18 | 6.9 | CVE-2014-8611 FREEBSD CONFIRM CONFIRM APPLE |
| apple — iphone_os | The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | 2015-09-18 | 5.0 | CVE-2015-3801 CONFIRM APPLE |
| apple — xcode | IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery. | 2015-09-18 | 5.0 | CVE-2015-5909 APPLE CONFIRM |
| apple — itunes | The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors. | 2015-09-18 | 4.3 | CVE-2015-5920 CONFIRM APPLE |
| atlassian — hipchat | The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to “Velocity Template Injection Vulnerability.” | 2015-09-21 | 6.5 | CVE-2015-5603 CONFIRM BUGTRAQ MISC |
| bolt — bolt | The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it. | 2015-09-22 | 6.5 | CVE-2015-7309 CONFIRM EXPLOIT-DB MISC FULLDISC MISC MISC |
| cisco — prime_collaboration_assurance | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. | 2015-09-19 | 4.0 | CVE-2015-4305 CISCO CISCO |
| cisco — ios | Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770. | 2015-09-18 | 6.1 | CVE-2015-6294 CISCO |
| cisco — nx-os | Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. | 2015-09-20 | 4.8 | CVE-2015-6295 CISCO |
| cisco — ios_xr | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. | 2015-09-18 | 5.0 | CVE-2015-6297 CISCO |
| cisco — unity_connection | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. | 2015-09-20 | 6.5 | CVE-2015-6299 CISCO |
| cisco — secure_access_control_server | Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. | 2015-09-20 | 4.0 | CVE-2015-6300 CISCO |
| cisco — asr_9001 | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171. | 2015-09-20 | 5.0 | CVE-2015-6301 CISCO |
| cisco — spark | The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844. | 2015-09-24 | 4.3 | CVE-2015-6303 CISCO |
| cisco — telepresence_server_software | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760. | 2015-09-24 | 6.8 | CVE-2015-6304 CISCO |
| dena — h20 | Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. | 2015-09-20 | 4.3 | CVE-2015-5638 CONFIRM JVNDB JVN |
| drupaldise — cms_updater | The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the “access administration pages” permission. | 2015-09-21 | 4.9 | CVE-2015-7306 MISC CONFIRM |
| drupaldise — cms_updater | Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page. | 2015-09-21 | 4.3 | CVE-2015-7307 MISC CONFIRM |
| f5 — big-ip_advanced_firewall_manager | The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet. | 2015-09-18 | 5.0 | CVE-2015-4638 CONFIRM SECTRACK |
| ipython — notebook | Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate. | 2015-09-21 | 4.3 | CVE-2015-6938 CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST FEDORA FEDORA |
| joomla — joomla! | Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-18 | 4.3 | CVE-2015-6939 SECTRACK CONFIRM |
| mcafee — mcafee_agent | Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | 2015-09-18 | 5.0 | CVE-2015-7237 CONFIRM SECTRACK |
| mcafee — enterprise_security_manager | McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file. | 2015-09-22 | 6.5 | CVE-2015-7310 CONFIRM |
| mozilla — firefox | Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute. | 2015-09-24 | 4.3 | CVE-2015-4476 CONFIRM CONFIRM |
| mozilla — firefox | js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. | 2015-09-24 | 4.3 | CVE-2015-4502 CONFIRM CONFIRM CONFIRM |
| mozilla — firefox | The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application. | 2015-09-24 | 5.0 | CVE-2015-4503 CONFIRM CONFIRM |
| mozilla — firefox | The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image. | 2015-09-24 | 6.4 | CVE-2015-4504 CONFIRM CONFIRM |
| mozilla — firefox | updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. | 2015-09-24 | 6.6 | CVE-2015-4505 CONFIRM CONFIRM |
| mozilla — firefox | Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file. | 2015-09-24 | 6.8 | CVE-2015-4506 CONFIRM CONFIRM |
| mozilla — firefox | The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site. | 2015-09-24 | 5.1 | CVE-2015-4507 CONFIRM CONFIRM |
| mozilla — firefox | Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation. | 2015-09-24 | 6.8 | CVE-2015-4510 CONFIRM CONFIRM |
| mozilla — firefox | Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. | 2015-09-24 | 6.8 | CVE-2015-4511 CONFIRM CONFIRM |
| mozilla — firefox | gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering. | 2015-09-24 | 6.4 | CVE-2015-4512 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect’s target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. | 2015-09-24 | 4.3 | CVE-2015-4519 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. | 2015-09-24 | 6.4 | CVE-2015-4520 CONFIRM CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls. | 2015-09-24 | 4.3 | CVE-2015-7327 CONFIRM CONFIRM CONFIRM MISC |
| newphoria_corporation — applican | The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors. | 2015-09-20 | 6.8 | CVE-2015-5632 JVNDB JVN CONFIRM |
| newphoria_corporation — auction_camera | The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 2015-09-20 | 6.8 | CVE-2015-5633 JVNDB JVN CONFIRM |
| newphoria_corporation — megaphone_music | The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 2015-09-20 | 6.8 | CVE-2015-5634 JVNDB JVN CONFIRM |
| newphoria_corporation — koritore | The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 2015-09-20 | 6.8 | CVE-2015-5635 JVNDB JVN CONFIRM |
| newphoria_corporation — reversi | The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 2015-09-20 | 6.8 | CVE-2015-5636 JVNDB JVN CONFIRM |
| newphoria_corporation — 1.1 | The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 2015-09-20 | 6.8 | CVE-2015-5637 JVNDB JVN CONFIRM |
| ows — scald | The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a “debug context.” | 2015-09-21 | 5.0 | CVE-2015-7305 MISC CONFIRM |
| pentaho — business_analytics | The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote attackers to obtain passwords and other sensitive information via a file name in the resource parameter. | 2015-09-22 | 5.0 | CVE-2015-6940 CONFIRM BUGTRAQ MISC |
| philippine_long_distance_telephone — kasda_kw58293_firmware | Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perform setup operations, as demonstrated by modifying network settings. | 2015-09-21 | 6.8 | CVE-2015-5991 CERT-VN |
| philippine_long_distance_telephone — kasda_kw58293_firmware | Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter. | 2015-09-21 | 4.3 | CVE-2015-5992 CERT-VN |
| redhat — openshift | rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. | 2015-09-18 | 6.5 | CVE-2015-5274 REDHAT |
| retrospect — retrospect | Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision. | 2015-09-21 | 5.0 | CVE-2015-2864 CERT-VN CONFIRM MISC |
| schneider_electric — struxureware_building_expert_mpm | Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. | 2015-09-18 | 5.0 | CVE-2015-3962 MISC CONFIRM |
| securifi — almond-2015_firmware | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. | 2015-09-21 | 5.0 | CVE-2015-2914 CERT-VN |
| securifi — almond-2015_firmware | Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. | 2015-09-21 | 6.8 | CVE-2015-2916 CERT-VN |
| securifi — almond-2015_firmware | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. | 2015-09-21 | 4.3 | CVE-2015-2917 CERT-VN |
| securifi — almond-2015_firmware | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. | 2015-09-21 | 4.3 | CVE-2015-7296 CERT-VN |
| sumome — google_analyticator | Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php. | 2015-09-21 | 4.3 | CVE-2015-6238 CONFIRM MISC MISC |
| symantec — endpoint_protection | Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 2015-09-20 | 4.4 | CVE-2014-9227 CONFIRM BID |
| symantec — endpoint_protection | sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition. | 2015-09-20 | 4.9 | CVE-2014-9228 CONFIRM BID |
| symantec — endpoint_protection | Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | 2015-09-20 | 6.5 | CVE-2014-9229 CONFIRM BID |
| symantec — deployment_solution | ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image. | 2015-09-20 | 6.8 | CVE-2015-5689 MISC CONFIRM BID |
| symantec — web_gateway | Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php. | 2015-09-20 | 4.3 | CVE-2015-5691 MISC CONFIRM BID |
| symantec — web_gateway | Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2015-09-20 | 5.8 | CVE-2015-6548 CONFIRM BID |
| vmware — vcenter_server | VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2015-09-18 | 5.8 | CVE-2015-6932 CONFIRM |
| xiph — vorbis-tools | Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. | 2015-09-21 | 4.3 | CVE-2015-6749 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST FEDORA FEDORA |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — iphone_os | CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | 2015-09-18 | 2.1 | CVE-2015-5898 CONFIRM APPLE |
| apple — xcode | IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. | 2015-09-18 | 3.3 | CVE-2015-5910 APPLE CONFIRM |
| drupaljedi — amocrm | Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. | 2015-09-21 | 2.6 | CVE-2015-7304 MISC CONFIRM |
| mcafee — threat_intelligence_exchange | The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files. | 2015-09-18 | 2.1 | CVE-2015-7238 CONFIRM |
| mozilla — firefox | Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. | 2015-09-24 | 2.6 | CVE-2015-4508 CONFIRM CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.