SB15-236: Vulnerability Summary for the Week of August 17, 2015

Original release date: August 24, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
aegirproject — hostmaster The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment. 2015-08-18 7.5 CVE-2015-5501
MISC
MLIST
CONFIRM
CONFIRM
apple — mac_os_x dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. 2015-08-16 7.2 CVE-2015-3760
CONFIRM
APPLE
apple — mac_os_x The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. 2015-08-16 7.2 CVE-2015-3761
CONFIRM
APPLE
apple — mac_os_x udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. 2015-08-16 7.2 CVE-2015-3767
CONFIRM
APPLE
apple — iphone_os Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. 2015-08-16 9.3 CVE-2015-3768
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772. 2015-08-16 7.2 CVE-2015-3769
CONFIRM
APPLE
apple — mac_os_x IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783. 2015-08-16 9.3 CVE-2015-3770
CONFIRM
APPLE
apple — mac_os_x IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772. 2015-08-16 7.2 CVE-2015-3771
CONFIRM
APPLE
apple — mac_os_x IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771. 2015-08-16 7.2 CVE-2015-3772
CONFIRM
APPLE
apple — mac_os_x The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. 2015-08-16 7.5 CVE-2015-3773
CONFIRM
APPLE
apple — mac_os_x Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors. 2015-08-16 7.2 CVE-2015-3775
CONFIRM
APPLE
apple — iphone_os IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. 2015-08-16 9.3 CVE-2015-3776
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages. 2015-08-16 7.2 CVE-2015-3777
CONFIRM
APPLE
apple — mac_os_x SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. 2015-08-16 7.5 CVE-2015-3783
CONFIRM
APPLE
apple — iphone_os libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. 2015-08-16 9.3 CVE-2015-3795
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798. 2015-08-16 7.5 CVE-2015-3796
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798. 2015-08-16 7.5 CVE-2015-3797
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797. 2015-08-16 7.5 CVE-2015-3798
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. 2015-08-16 9.3 CVE-2015-3799
CONFIRM
APPLE
apple — iphone_os The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. 2015-08-16 7.2 CVE-2015-3800
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. 2015-08-16 7.2 CVE-2015-3802
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. 2015-08-16 7.2 CVE-2015-3803
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. 2015-08-16 7.5 CVE-2015-3804
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. 2015-08-16 7.2 CVE-2015-3805
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. 2015-08-16 7.2 CVE-2015-3806
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters. 2015-08-16 7.5 CVE-2015-5750
CONFIRM
APPLE
apple — mac_os_x Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error. 2015-08-16 9.3 CVE-2015-5754
CONFIRM
APPLE
apple — iphone_os libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. 2015-08-16 9.3 CVE-2015-5757
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2015-08-16 7.2 CVE-2015-5763
CONFIRM
APPLE
apple — iphone_os The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. 2015-08-16 7.1 CVE-2015-5769
CONFIRM
APPLE
apple — iphone_os Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors. 2015-08-16 7.2 CVE-2015-5774
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756. 2015-08-16 7.5 CVE-2015-5775
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket. 2015-08-16 7.5 CVE-2015-5776
CONFIRM
CONFIRM
APPLE
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753. 2015-08-16 7.5 CVE-2015-5779
CONFIRM
APPLE
apple — mac_os_x IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770. 2015-08-16 9.3 CVE-2015-5783
CONFIRM
APPLE
apple — mac_os_x runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. 2015-08-16 9.3 CVE-2015-5784
CONFIRM
APPLE
arabportal — arab_portal SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php. 2015-08-18 7.5 CVE-2015-6519
MISC
EXPLOIT-DB
MISC
cisco — telepresence_video_communication_server_software The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. 2015-08-19 7.2 CVE-2015-4327
CISCO
emc — rsa_bsafe Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292. 2015-08-20 7.5 CVE-2015-0537
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622. 2015-08-20 9.0 CVE-2015-4531
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514. 2015-08-20 9.0 CVE-2015-4532
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. 2015-08-20 9.0 CVE-2015-4533
BUGTRAQ
emc — documentum_content_server Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter. 2015-08-20 9.0 CVE-2015-4534
BUGTRAQ
emc — documentum_content_server Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket. 2015-08-20 7.5 CVE-2015-4535
BUGTRAQ
fastglass — storage_api The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors. 2015-08-18 7.5 CVE-2015-5502
MISC
CONFIRM
MLIST
j2store — j2store Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php. 2015-08-18 7.5 CVE-2015-6513
CONFIRM
MISC
MISC
microsoft — office Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-08-14 9.3 CVE-2015-1642
MS
microsoft — windows_10 Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka “Mount Manager Elevation of Privilege Vulnerability.” 2015-08-14 7.2 CVE-2015-1769
MS
microsoft — windows_7 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka “Windows Registry Elevation of Privilege Vulnerability.” 2015-08-14 9.3 CVE-2015-2429
MS
microsoft — windows_7 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a crafted application, aka “Windows Filesystem Elevation of Privilege Vulnerability.” 2015-08-14 9.3 CVE-2015-2430
MS
microsoft — live_meeting Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka “Microsoft Office Graphics Component Remote Code Execution Vulnerability.” 2015-08-14 9.3 CVE-2015-2431
MS
microsoft — windows_7 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2015-08-14 9.3 CVE-2015-2432
MS
microsoft — excel Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka “TrueType Font Parsing Vulnerability.” 2015-08-14 9.3 CVE-2015-2435
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2452. 2015-08-14 9.3 CVE-2015-2441
MS
MS
microsoft — internet_explorer Microsoft Internet Explorer 8 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2444. 2015-08-14 9.3 CVE-2015-2442
MS
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2447. 2015-08-14 9.3 CVE-2015-2446
MS
MS
microsoft — .net_framework Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka “TrueType Font Parsing Vulnerability,” a different vulnerability than CVE-2015-2456. 2015-08-14 9.3 CVE-2015-2455
MS
microsoft — .net_framework Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka “TrueType Font Parsing Vulnerability,” a different vulnerability than CVE-2015-2455. 2015-08-14 9.3 CVE-2015-2456
MS
microsoft — windows_10 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability,” a different vulnerability than CVE-2015-2459 and CVE-2015-2461. 2015-08-14 9.3 CVE-2015-2458
MS
microsoft — windows_10 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability,” a different vulnerability than CVE-2015-2458 and CVE-2015-2461. 2015-08-14 9.3 CVE-2015-2459
MS
microsoft — .net_framework ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2015-08-14 9.3 CVE-2015-2460
MS
microsoft — windows_10 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability,” a different vulnerability than CVE-2015-2458 and CVE-2015-2459. 2015-08-14 9.3 CVE-2015-2461
MS
microsoft — .net_framework ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2015-08-14 9.3 CVE-2015-2462
MS
microsoft — .net_framework Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka “TrueType Font Parsing Vulnerability,” a different vulnerability than CVE-2015-2464. 2015-08-14 9.3 CVE-2015-2463
MS
microsoft — .net_framework Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka “TrueType Font Parsing Vulnerability,” a different vulnerability than CVE-2015-2463. 2015-08-14 9.3 CVE-2015-2464
MS
microsoft — office Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka “Microsoft Office Remote Code Execution Vulnerability.” 2015-08-14 9.3 CVE-2015-2466
MS
microsoft — office Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-08-14 9.3 CVE-2015-2467
MS
microsoft — office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-08-14 9.3 CVE-2015-2468
MS
microsoft — office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-08-14 9.3 CVE-2015-2469
MS
microsoft — office Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Integer Underflow Vulnerability.” 2015-08-14 9.3 CVE-2015-2470
MS
microsoft — windows_7 Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka “Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability.” 2015-08-14 9.3 CVE-2015-2473
MS
microsoft — windows_server_2008 Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action, aka “Server Message Block Memory Corruption Vulnerability.” 2015-08-14 9.0 CVE-2015-2474
MS
microsoft — office Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-08-14 9.3 CVE-2015-2477
MS
microsoft — .net_framework The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka “RyuJIT Optimization Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2480 and CVE-2015-2481. 2015-08-14 9.3 CVE-2015-2479
MS
microsoft — .net_framework The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka “RyuJIT Optimization Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2479 and CVE-2015-2481. 2015-08-14 9.3 CVE-2015-2480
MS
microsoft — .net_framework The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka “RyuJIT Optimization Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2479 and CVE-2015-2480. 2015-08-14 9.3 CVE-2015-2481
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” as exploited in the wild in August 2015. 2015-08-19 9.3 CVE-2015-2502
MS
MISC
MISC
MISC
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-08-15 10.0 CVE-2015-4473
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-08-15 10.0 CVE-2015-4474
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. 2015-08-15 7.5 CVE-2015-4475
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. 2015-08-15 10.0 CVE-2015-4477
CONFIRM
CONFIRM
mozilla — firefox Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data. 2015-08-15 10.0 CVE-2015-4479
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding. 2015-08-15 9.3 CVE-2015-4480
CONFIRM
CONFIRM
mozilla — firefox Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. 2015-08-15 10.0 CVE-2015-4485
CONFIRM
CONFIRM
mozilla — firefox The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. 2015-08-15 10.0 CVE-2015-4486
CONFIRM
CONFIRM
mozilla — firefox The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an “overflow.” 2015-08-15 7.5 CVE-2015-4487
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. 2015-08-15 7.5 CVE-2015-4488
CONFIRM
CONFIRM
mozilla — firefox The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. 2015-08-15 7.5 CVE-2015-4489
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. 2015-08-15 7.5 CVE-2015-4492
CONFIRM
CONFIRM
mozilla — firefox Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data. 2015-08-15 9.3 CVE-2015-4493
CONFIRM
CONFIRM
mozilla — firefox Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file. 2015-08-15 9.3 CVE-2015-4496
CONFIRM
CONFIRM
net-snmp — net-snmp The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. 2015-08-19 7.5 CVE-2015-5621
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
MLIST
CONFIRM
REDHAT
novalnet — novalnet_payment_module_ubercart- SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-08-18 7.5 CVE-2015-5504
MISC
MLIST
perl — perl Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. 2015-08-16 7.5 CVE-2013-7422
CONFIRM
CONFIRM
APPLE
pimcore — pimcore SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. 2015-08-18 7.5 CVE-2015-4426
MISC
CONFIRM
FULLDISC
wpslideshow — powerplay_gallery Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. 2015-08-18 7.5 CVE-2015-5599
MISC
MLIST
FULLDISC
MISC
wpslideshow — powerplay_gallery Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/. 2015-08-18 7.5 CVE-2015-5681
MISC
MLIST
MLIST
FULLDISC
MISC
wpsymposium — wp_symposium SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. 2015-08-19 7.5 CVE-2015-6522
EXPLOIT-DB

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
administration_views_project — administration_views The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors. 2015-08-18 6.0 CVE-2015-5509
MISC
CONFIRM
MLIST
apache — activemq The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. 2015-08-14 5.0 CVE-2014-3576
CONFIRM
DEBIAN
MLIST
apache — activemq Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. 2015-08-19 5.0 CVE-2015-1830
SECTRACK
CONFIRM
apache_solr_real-time_project — apache_solr_real-time The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search. 2015-08-18 5.0 CVE-2015-5506
MISC
CONFIRM
MLIST
apple — safari Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. 2015-08-16 4.3 CVE-2015-3729
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3730
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3731
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3732
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3733
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3734
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3735
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3736
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3737
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3738
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3739
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3740
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3741
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3742
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3743
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3744
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3745
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3746
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3747
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3748
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. 2015-08-16 6.8 CVE-2015-3749
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. 2015-08-16 6.4 CVE-2015-3750
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. 2015-08-16 5.0 CVE-2015-3751
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. 2015-08-16 5.0 CVE-2015-3752
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource. 2015-08-16 5.0 CVE-2015-3753
CONFIRM
CONFIRM
APPLE
APPLE
apple — safari The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site. 2015-08-16 4.3 CVE-2015-3754
CONFIRM
APPLE
apple — safari WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. 2015-08-16 4.3 CVE-2015-3755
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. 2015-08-16 4.3 CVE-2015-3758
CONFIRM
APPLE
apple — iphone_os Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. 2015-08-16 4.6 CVE-2015-3759
CONFIRM
APPLE
apple — mac_os_x The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-08-16 5.0 CVE-2015-3762
CONFIRM
APPLE
apple — iphone_os Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. 2015-08-16 4.3 CVE-2015-3763
CONFIRM
APPLE
apple — mac_os_x Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. 2015-08-16 4.3 CVE-2015-3764
CONFIRM
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. 2015-08-16 6.8 CVE-2015-3765
CONFIRM
APPLE
apple — iphone_os The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. 2015-08-16 4.3 CVE-2015-3766
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream. 2015-08-16 4.8 CVE-2015-3774
CONFIRM
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. 2015-08-16 6.8 CVE-2015-3779
CONFIRM
APPLE
apple — mac_os_x The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. 2015-08-16 4.3 CVE-2015-3780
CONFIRM
APPLE
apple — mac_os_x Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search. 2015-08-16 4.3 CVE-2015-3781
CONFIRM
APPLE
apple — iphone_os CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user’s login session via a crafted app. 2015-08-16 4.3 CVE-2015-3782
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-08-16 5.0 CVE-2015-3784
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app. 2015-08-16 4.3 CVE-2015-3786
CONFIRM
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. 2015-08-16 6.8 CVE-2015-3788
CONFIRM
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. 2015-08-16 6.8 CVE-2015-3789
CONFIRM
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. 2015-08-16 6.8 CVE-2015-3790
CONFIRM
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. 2015-08-16 6.8 CVE-2015-3791
CONFIRM
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. 2015-08-16 6.8 CVE-2015-3792
CONFIRM
APPLE
apple — iphone_os CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. 2015-08-16 4.3 CVE-2015-3793
CONFIRM
APPLE
apple — mac_os_x The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string. 2015-08-16 6.8 CVE-2015-3794
CONFIRM
APPLE
apple — iphone_os libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. 2015-08-16 4.3 CVE-2015-3807
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. 2015-08-16 5.0 CVE-2015-5746
CONFIRM
APPLE
apple — mac_os_x The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors. 2015-08-16 4.9 CVE-2015-5747
CONFIRM
APPLE
apple — iphone_os The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. 2015-08-16 4.3 CVE-2015-5749
CONFIRM
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5753, and CVE-2015-5779. 2015-08-16 6.8 CVE-2015-5751
CONFIRM
APPLE
apple — iphone_os Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. 2015-08-16 5.0 CVE-2015-5752
CONFIRM
APPLE
apple — quicktime QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5779. 2015-08-16 6.8 CVE-2015-5753
CONFIRM
APPLE
apple — iphone_os CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. 2015-08-16 6.8 CVE-2015-5755
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775. 2015-08-16 6.8 CVE-2015-5756
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. 2015-08-16 6.8 CVE-2015-5758
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. 2015-08-16 5.0 CVE-2015-5759
CONFIRM
APPLE
apple — iphone_os CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755. 2015-08-16 6.8 CVE-2015-5761
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. 2015-08-16 5.0 CVE-2015-5766
CONFIRM
APPLE
apple — mac_os_x AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. 2015-08-16 4.3 CVE-2015-5768
CONFIRM
APPLE
apple — iphone_os MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. 2015-08-16 5.8 CVE-2015-5770
CONFIRM
APPLE
apple — mac_os_x Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file. 2015-08-16 6.8 CVE-2015-5771
CONFIRM
APPLE
apple — mac_os_x Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file. 2015-08-16 6.8 CVE-2015-5772
CONFIRM
APPLE
apple — iphone_os QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document. 2015-08-16 6.8 CVE-2015-5773
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778. 2015-08-16 6.8 CVE-2015-5777
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777. 2015-08-16 6.8 CVE-2015-5778
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image. 2015-08-16 4.3 CVE-2015-5781
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. 2015-08-16 4.3 CVE-2015-5782
CONFIRM
CONFIRM
APPLE
APPLE
bestpractical — request_tracker Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages. 2015-08-14 4.3 CVE-2015-5475
CONFIRM
DEBIAN
chamilo_integration_project — chamilo_integration Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. 2015-08-18 5.8 CVE-2015-5503
MISC
CONFIRM
MLIST
cisco — nx-os The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842. 2015-08-19 4.9 CVE-2015-4277
CISCO
cisco — nx-os Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. 2015-08-19 5.0 CVE-2015-4296
CISCO
cisco — webex_node_for_mcs Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136. 2015-08-19 5.8 CVE-2015-4297
CISCO
cisco — unified_web_and_e-mail_interaction_manager Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056. 2015-08-19 6.5 CVE-2015-4298
CISCO
cisco — unified_web_and_e-mail_interaction_manager Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046. 2015-08-19 5.5 CVE-2015-4299
CISCO
cisco — nx-os Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device’s filesystem, aka Bug ID CSCuu77225. 2015-08-19 6.8 CVE-2015-4301
CISCO
cisco — firesight_system_software The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390. 2015-08-19 6.4 CVE-2015-4302
CISCO
cisco — telepresence_video_communication_server_software Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. 2015-08-20 6.5 CVE-2015-4303
CISCO
cisco — edge_bluebird_operating_system The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968. 2015-08-19 6.8 CVE-2015-4308
CISCO
cisco — finesse Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975. 2015-08-19 4.3 CVE-2015-4310
CISCO
cisco — telepresence_video_communication_server_software The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. 2015-08-19 4.0 CVE-2015-4314
CISCO
cisco — telepresence_video_communication_server_software The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853. 2015-08-19 5.5 CVE-2015-4315
CISCO
cisco — telepresence_video_communication_server_software The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396. 2015-08-20 5.5 CVE-2015-4316
CISCO
cisco — telepresence_video_communication_server_software Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. 2015-08-19 5.0 CVE-2015-4317
CISCO
cisco — telepresence_video_communication_server_software Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. 2015-08-20 5.0 CVE-2015-4318
CISCO
cisco — telepresence_video_communication_server_software The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. 2015-08-20 5.5 CVE-2015-4319
CISCO
cisco — telepresence_video_communication_server_software The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. 2015-08-19 4.0 CVE-2015-4320
CISCO
cisco — adaptive_security_appliance_software The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724. 2015-08-20 5.0 CVE-2015-4321
CISCO
cisco — content_security_management_appliance Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user’s Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. 2015-08-19 5.5 CVE-2015-4322
CISCO
cisco — mds_9000_nx-os Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices 7.3(0)ZN(0.9); and MDS 9000 devices 6.2 (13) and 7.1(0)ZN(91.99) and MDS SAN-OS 7.1(0)ZN(91.99) allows remote attackers to cause a denial of service (device outage) via a crafted ARP packet, related to incorrect MTU validation, aka Bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358, and CSCuv61366. 2015-08-19 6.1 CVE-2015-4323
CISCO
cisco — nx-os Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908. 2015-08-19 6.1 CVE-2015-4324
CISCO
cisco — telepresence_video_communication_server_software Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account’s read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552. 2015-08-19 4.0 CVE-2015-4328
CISCO
cisco — telepresence_video_communication_server_software The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796. 2015-08-20 6.5 CVE-2015-4329
CISCO
cisco — unified_web_and_e-mail_interaction_manager Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051. 2015-08-19 4.3 CVE-2015-6255
CISCO
codelogic — freichat SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php. 2015-08-18 5.0 CVE-2015-6512
EXPLOIT-DB
MISC
MISC
codfront_labs — http_strict_transport_security The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the “include subdomains” directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors. 2015-08-18 6.8 CVE-2015-5505
MISC
CONFIRM
CONFIRM
MLIST
content_construction_kit_project — content_construction_kit Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages. 2015-08-18 5.8 CVE-2015-5510
CONFIRM
MISC
MLIST
coppermine-gallery — coppermine_photo_gallery Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. 2015-08-20 4.3 CVE-2015-6528
MISC
cygnux — syspass SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php. 2015-08-18 6.5 CVE-2015-6516
MISC
EXPLOIT-DB
BUGTRAQ
MISC
dell — netvault_backup Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. 2015-08-14 5.0 CVE-2015-5696
EXPLOIT-DB
SECTRACK
BUGTRAQ
MISC
dev4press — gd_bbpress_attachments Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. 2015-08-18 4.3 CVE-2015-5481
CONFIRM
MISC
FULLDISC
MISC
dev4press — gd_bbpress_attachments Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. 2015-08-18 4.0 CVE-2015-5482
CONFIRM
MISC
MISC
devexpress — ajax_control_toolkit Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd. 2015-08-18 6.4 CVE-2015-4670
BUGTRAQ
MISC
elasticsearch — elasticsearch Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. 2015-08-17 5.0 CVE-2015-5531
CONFIRM
BID
BUGTRAQ
MISC
emc — rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572. 2015-08-20 4.3 CVE-2015-0533
BUGTRAQ
emc — rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate’s unsigned portion, a similar issue to CVE-2014-8275. 2015-08-20 5.0 CVE-2015-0534
BUGTRAQ
emc — rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue, a similar issue to CVE-2015-0204. 2015-08-20 4.3 CVE-2015-0535
BUGTRAQ
emc — rsa_archer_egrc Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. 2015-08-20 6.8 CVE-2015-0542
BUGTRAQ
emc — documentum_administrator Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518. 2015-08-20 6.8 CVE-2015-4530
BUGTRAQ
entityform_block_project — entityform_block The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors. 2015-08-18 5.0 CVE-2015-5493
MISC
CONFIRM
MLIST
gnome — gdk-pixbuf Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. 2015-08-15 6.8 CVE-2015-4491
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gnu — gnutls GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. 2015-08-14 4.3 CVE-2014-8155
CONFIRM
REDHAT
hybridauth_social_login_project — hybridauth_social_login The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login. 2015-08-18 5.0 CVE-2015-5511
MISC
CONFIRM
MLIST
inline_entity_form_project — inline_entity_form Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors. 2015-08-18 4.3 CVE-2015-5507
MISC
CONFIRM
MLIST
me_aliases_project — me_aliases The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the “me” user argument handler by substituting “me” for a user id in a URL. 2015-08-18 5.0 CVE-2015-5512
MISC
CONFIRM
CONFIRM
MLIST
CONFIRM
microsoft — system_center_operations_manager Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “System Center Operations Manager Web Console XSS Vulnerability.” 2015-08-14 4.3 CVE-2015-2420
MS
microsoft — excel Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka “Unsafe Command Line Parameter Passing Vulnerability.” 2015-08-14 4.3 CVE-2015-2423
MS
MS
MS
microsoft — xml_core_services Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka “MSXML Information Disclosure Vulnerability,” a different vulnerability than CVE-2015-2471. 2015-08-14 4.3 CVE-2015-2434
MS
microsoft — xml_core_services Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka “MSXML Information Disclosure Vulnerability.” 2015-08-14 4.3 CVE-2015-2440
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka “ASLR Bypass.” 2015-08-14 4.3 CVE-2015-2449
MS
MS
microsoft — windows_7 The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user’s login session, aka “Windows CSRSS Elevation of Privilege Vulnerability.” 2015-08-14 4.7 CVE-2015-2453
MS
microsoft — xml_core_services Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka “MSXML Information Disclosure Vulnerability,” a different vulnerability than CVE-2015-2434. 2015-08-14 4.3 CVE-2015-2471
MS
microsoft — windows_7 Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka “Remote Desktop Session Host Spoofing Vulnerability.” 2015-08-14 4.3 CVE-2015-2472
MS
microsoft — biztalk_server Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka “UDDI Services Elevation of Privilege Vulnerability.” 2015-08-14 4.3 CVE-2015-2475
MS
mozilla — firefox Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. 2015-08-15 5.0 CVE-2015-4478
CONFIRM
CONFIRM
mozilla — firefox mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file. 2015-08-15 4.6 CVE-2015-4482
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. 2015-08-15 4.3 CVE-2015-4483
CONFIRM
CONFIRM
mozilla — firefox The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object. 2015-08-15 5.0 CVE-2015-4484
CONFIRM
CONFIRM
mozilla — firefox The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior. 2015-08-15 4.3 CVE-2015-4490
CONFIRM
CONFIRM
navigate_project — navigate The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the “navigate view” permission. 2015-08-18 4.0 CVE-2015-5499
MISC
MLIST
openstack — horizon Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. 2015-08-20 4.3 CVE-2015-3219
MLIST
MLIST
CONFIRM
BID
openstack — glance OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them. 2015-08-14 4.0 CVE-2015-3289
CONFIRM
MLIST
opentext — secure_mft_2013 Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp. 2015-08-20 4.3 CVE-2015-6530
MISC
BUGTRAQ
pass2pdf_project — pass2pdf The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. 2015-08-18 5.0 CVE-2015-5496
MISC
MLIST
pfsense — pfsense Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. 2015-08-18 4.3 CVE-2015-4029
CONFIRM
FULLDISC
pfsense — pfsense Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a “new” action to system_authservers.php. 2015-08-18 4.3 CVE-2015-6508
CONFIRM
CONFIRM
pfsense — pfsense Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername, or (19) smtppassword parameter to system_advanced_notifications.php. 2015-08-18 4.3 CVE-2015-6509
CONFIRM
pfsense — pfsense Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to interfaces_ppps_edit.php; the (13) member[] parameter to interfaces_qinq_edit.php; the (14) port or (15) retry parameter to load_balancer_pool_edit.php; the (16) pkgrepourl parameter to pkg_mgr_settings.php; the (17) zone parameter to services_captiveportal.php; the port parameter to (18) services_dnsmasq.php or (19) services_unbound.php; the (20) cache_max_ttl or (21) cache_min_ttl parameter to services_unbound_advanced.php; the (22) sshport parameter to system_advanced_admin.php; the (23) id, (24) tunable, (25) descr, or (26) value parameter to system_advanced_sysctl.php; the (27) firmwareurl, (28) repositoryurl, or (29) branch parameter to system_firmware_settings.php; the (30) pfsyncpeerip, (31) synchronizetoip, (32) username, or (33) passwordfld parameter to system_hasync.php; the (34) maxmss parameter to vpn_ipsec_settings.php; the (35) ntp_server1, (36) ntp_server2, (37) wins_server1, or (38) wins_server2 parameter to vpn_openvpn_csc.php; or unspecified parameters to (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php, or (42) load_balancer_relay_protocol_edit.php. 2015-08-18 4.3 CVE-2015-6510
CONFIRM
pfsense — pfsense Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. 2015-08-18 4.3 CVE-2015-6511
CONFIRM
phpipam — phpipam Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php. 2015-08-20 4.3 CVE-2015-6529
BUGTRAQ
MISC
phpliteadmin_project — phpliteadmin Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php. 2015-08-18 6.8 CVE-2015-6517
BUGTRAQ
MISC
phpliteadmin_project — phpliteadmin Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php. 2015-08-18 4.3 CVE-2015-6518
BUGTRAQ
MISC
picketlink — picketlink The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users’ accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion. 2015-08-17 6.0 CVE-2015-0277
CONFIRM
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
picketlink — picketlink The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types. 2015-08-17 6.0 CVE-2015-6254
CONFIRM
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
pimcore — pimcore Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the “assets” permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility. 2015-08-18 4.9 CVE-2015-4425
MISC
CONFIRM
FULLDISC
portfolio_project — portfolio Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php. 2015-08-19 6.8 CVE-2015-6523
CONFIRM
FULLDISC
shipwire_api_project — shipwire_api The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page. 2015-08-18 5.0 CVE-2015-5498
MISC
CONFIRM
MLIST
splunk — splunk Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-08-18 4.3 CVE-2015-6514
CONFIRM
SECTRACK
splunk — splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. 2015-08-18 4.3 CVE-2015-6515
CONFIRM
SECTRACK
techsmith — camtasia_relay Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the “view meta information” permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab. 2015-08-18 4.3 CVE-2015-5487
CONFIRM
CONFIRM
MISC
MLIST
the_extensible_catalog_drupal_toolkit_project — the_extensible_catalog_drupal_toolkit Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the “administer ncip providers” permission for requests that alter NCIP providers via a crafted request. 2015-08-18 5.1 CVE-2015-5508
MISC
MLIST
theeventscalendar — eventbrite_tickets Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the “error” parameter to wp-admin/edit.php. 2015-08-18 4.3 CVE-2015-5485
CONFIRM
MISC
FULLDISC
MISC
theforeman — foreman Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. 2015-08-14 5.0 CVE-2015-1816
CONFIRM
CONFIRM
REDHAT
REDHAT
CONFIRM
theforeman — foreman Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. 2015-08-14 4.0 CVE-2015-1844
CONFIRM
MISC
CONFIRM
REDHAT
REDHAT
CONFIRM
theforeman — foreman Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2015-08-14 5.0 CVE-2015-3155
CONFIRM
CONFIRM
CONFIRM
REDHAT
REDHAT
CONFIRM
theforeman — foreman Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. 2015-08-14 6.0 CVE-2015-3235
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
video_consultation_project — video_consultation Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-08-18 4.3 CVE-2015-5492
MISC
MLIST
videolan — vlc_media_player Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info. 2015-08-17 4.3 CVE-2014-9743
BID
MISC
FULLDISC
CONFIRM
views_bulk_operations_project — views_bulk_operations The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. 2015-08-18 4.9 CVE-2015-5515
MISC
CONFIRM
MLIST
views_project — views The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors. 2015-08-18 5.0 CVE-2015-5490
MISC
CONFIRM
MISC
MLIST
CONFIRM
xmlsoft — libxml The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. 2015-08-14 5.0 CVE-2015-1819
CONFIRM
REDHAT

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — iphone_os The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. 2015-08-16 2.1 CVE-2015-3756
CONFIRM
APPLE
apple — mac_os_x Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane. 2015-08-16 2.1 CVE-2015-3757
CONFIRM
APPLE
apple — iphone_os bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. 2015-08-16 3.3 CVE-2015-3778
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. 2015-08-16 3.3 CVE-2015-3787
CONFIRM
APPLE
apple — mac_os_x The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. 2015-08-16 2.1 CVE-2015-5748
CONFIRM
APPLE
dynamic_display_block_project — dynamic_display_block The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the “administer ddblock” permission. 2015-08-18 3.5 CVE-2015-5491
CONFIRM
MISC
MLIST
emc — rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787. 2015-08-20 2.6 CVE-2015-0536
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file. 2015-08-20 3.5 CVE-2015-4536
BUGTRAQ
microsoft — windows_7 Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels during interaction with object symbolic links that originated in a sandboxed process, which allows local users to gain privileges via a crafted application, aka “Windows Object Manager Elevation of Privilege Vulnerability.” 2015-08-14 2.1 CVE-2015-2428
MS
microsoft — windows_10 The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka “Kernel ASLR Bypass Vulnerability.” 2015-08-14 2.1 CVE-2015-2433
MS
microsoft — windows_7 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka “Windows KMD Security Feature Bypass Vulnerability.” 2015-08-14 2.1 CVE-2015-2454
MS
microsoft — windows_10 The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka “Windows Shell Security Feature Bypass Vulnerability.” 2015-08-14 2.1 CVE-2015-2465
MS
microsoft — windows_7 The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka “WebDAV Client Information Disclosure Vulnerability.” 2015-08-14 2.6 CVE-2015-2476
MS
migrate_project — migrate Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label. 2015-08-18 2.6 CVE-2015-5514
MISC
CONFIRM
MLIST
mobile_sliding_menu_project — mobile_sliding_menu Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the “administer menu” permission to inject arbitrary web script or HTML via unspecified vectors. 2015-08-18 2.1 CVE-2015-5495
MISC
CONFIRM
MLIST
mozilla — firefox Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update. 2015-08-15 3.3 CVE-2015-4481
CONFIRM
CONFIRM
navigate_project — navigate Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. 2015-08-18 3.5 CVE-2015-5500
MISC
MLIST
niif — shibboleth_authentication Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the “Administer blocks” permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. 2015-08-18 2.1 CVE-2015-5513
MISC
CONFIRM
CONFIRM
MLIST
openstack — glance The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. 2015-08-19 3.5 CVE-2015-5163
CONFIRM
REDHAT
MLIST
smart_trim_project — smart_trim Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form. 2015-08-18 3.5 CVE-2015-5489
MISC
CONFIRM
MLIST
thinkshout — mailchimp Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the “administer mailchimp” permission to inject arbitrary web script or HTML via unspecified vectors. 2015-08-18 2.1 CVE-2015-5488
MISC
CONFIRM
MLIST
web_links_project — web_links Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. 2015-08-18 3.5 CVE-2015-5497
MISC
CONFIRM
CONFIRM
MLIST
webform_matrix_component_project — webform_matrix_component Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. 2015-08-18 3.5 CVE-2015-5494
MISC
CONFIRM
MLIST

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply