Original release date: September 21, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advantech — webaccess | Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. | 2015-09-11 | 10.0 | CVE-2014-9208 MISC |
| apple — iphone_os | IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2015-09-18 | 7.2 | CVE-2015-5843 CONFIRM APPLE |
| apple — iphone_os | IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846. | 2015-09-18 | 9.3 | CVE-2015-5844 CONFIRM APPLE |
| apple — iphone_os | IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846. | 2015-09-18 | 9.3 | CVE-2015-5845 CONFIRM APPLE |
| apple — iphone_os | IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845. | 2015-09-18 | 9.3 | CVE-2015-5846 CONFIRM APPLE |
| apple — iphone_os | The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2015-09-18 | 7.2 | CVE-2015-5847 CONFIRM APPLE |
| apple — iphone_os | IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2015-09-18 | 7.2 | CVE-2015-5848 CONFIRM APPLE |
| apple — iphone_os | IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2015-09-18 | 9.3 | CVE-2015-5867 CONFIRM APPLE |
| apple — iphone_os | The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903. | 2015-09-18 | 7.2 | CVE-2015-5868 CONFIRM APPLE |
| apple — itunes | CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 2015-09-18 | 7.5 | CVE-2015-5874 APPLE CONFIRM CONFIRM APPLE |
| apple — iphone_os | dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2015-09-18 | 9.3 | CVE-2015-5876 CONFIRM APPLE |
| apple — iphone_os | The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges. | 2015-09-18 | 7.2 | CVE-2015-5882 CONFIRM APPLE |
| apple — iphone_os | The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903. | 2015-09-18 | 7.2 | CVE-2015-5896 CONFIRM APPLE |
| apple — iphone_os | libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2015-09-18 | 7.2 | CVE-2015-5899 CONFIRM APPLE |
| apple — iphone_os | The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896. | 2015-09-18 | 10.0 | CVE-2015-5903 CONFIRM APPLE |
| asus — tm-1900 | Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values. | 2015-09-15 | 9.3 | CVE-2015-6949 MISC |
| borland — accurev | Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the the activate_doit function or (3) licfile parameter to the service_startup_doit functionality. | 2015-09-15 | 9.3 | CVE-2015-6946 MISC MISC MISC |
| checkmarx — cxsast | Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission. | 2015-09-16 | 9.0 | CVE-2014-8778 BUGTRAQ FULLDISC MISC |
| ciphercoin — wp_limit_login_attempts | Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header. | 2015-09-16 | 7.5 | CVE-2015-6829 MISC CONFIRM CONFIRM MLIST MLIST |
| ibm — websphere_portal | IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. | 2015-09-14 | 7.8 | CVE-2015-1943 CONFIRM AIXAPAR |
| ibm — http_server | Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2015-09-15 | 9.0 | CVE-2015-4947 CONFIRM AIXAPAR AIXAPAR |
| ibs_mappro_project — ibs_mappro | Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | 2015-09-15 | 7.8 | CVE-2015-5472 MISC CONFIRM MISC |
| impero — impero_education_pro | Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data. | 2015-09-14 | 7.8 | CVE-2015-5997 CERT-VN |
| impero — impero_education_pro | Impero Education Pro before 5105 relies on the -1|AUTHENTICATEx02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command. | 2015-09-14 | 10.0 | CVE-2015-5998 CERT-VN |
| mindbite — sitefactory_cms | Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx. | 2015-09-11 | 7.8 | CVE-2015-6914 MISC |
| montala — resourcespace | SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the “user” cookie to plugins/feedback/pages/feedback.php. | 2015-09-11 | 7.5 | CVE-2015-6915 MISC |
| moxa — eds-405a_firmware | The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. | 2015-09-11 | 8.5 | CVE-2015-6464 MISC CONFIRM |
| mozilla — bugzilla | Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. | 2015-09-13 | 7.5 | CVE-2015-4499 BUGTRAQ BUGTRAQ CONFIRM |
| sis — windows_vga_display_manager | Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call. | 2015-09-16 | 7.2 | CVE-2015-5465 MISC EXPLOIT-DB BUGTRAQ FULLDISC MISC |
| sma_solar_technology_ag — webbox_firmware | SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors. | 2015-09-11 | 10.0 | CVE-2015-3964 MISC |
| synology — video_station | SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. | 2015-09-11 | 7.5 | CVE-2015-6910 CONFIRM CONFIRM MISC BUGTRAQ FULLDISC MISC |
| synology — video_station | SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. | 2015-09-11 | 7.5 | CVE-2015-6911 CONFIRM MISC BUGTRAQ FULLDISC MISC |
| synology — video_station | Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. | 2015-09-11 | 10.0 | CVE-2015-6912 CONFIRM MISC BUGTRAQ FULLDISC MISC |
| teiko — farol | SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. | 2015-09-17 | 7.5 | CVE-2015-6962 EXPLOIT-DB |
| unit4 — teta_web | Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted “received parameters.” | 2015-09-16 | 7.5 | CVE-2015-1173 FULLDISC MISC |
| yahoo — messenger | Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file. | 2015-09-11 | 9.3 | CVE-2014-7216 MISC MISC BUGTRAQ MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| administration_views_project — administration_views | The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler. | 2015-09-17 | 5.0 | CVE-2015-7226 MISC CONFIRM CONFIRM |
| apple — iphone_os | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. | 2015-09-18 | 4.3 | CVE-2015-5764 CONFIRM APPLE |
| apple — iphone_os | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. | 2015-09-18 | 4.3 | CVE-2015-5765 CONFIRM APPLE |
| apple — iphone_os | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. | 2015-09-18 | 4.3 | CVE-2015-5767 CONFIRM APPLE |
| apple — iphone_os | The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. | 2015-09-18 | 4.3 | CVE-2015-5788 CONFIRM APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5789 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5790 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5791 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5792 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5793 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5794 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5795 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5796 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5797 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5798 CONFIRM APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5799 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5800 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5801 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5802 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5803 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5804 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5805 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5806 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5807 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5808 CONFIRM APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5809 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5810 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5811 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5812 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5813 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5814 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5815 CONFIRM APPLE |
| apple — itunes | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5816 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5817 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5818 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5819 CONFIRM CONFIRM APPLE APPLE |
| apple — iphone_os | WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. | 2015-09-18 | 4.3 | CVE-2015-5820 CONFIRM APPLE |
| apple — itunes | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5821 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5822 CONFIRM CONFIRM APPLE APPLE |
| apple — itunes | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 2015-09-18 | 6.8 | CVE-2015-5823 CONFIRM CONFIRM APPLE APPLE |
| apple — iphone_os | The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2015-09-18 | 4.3 | CVE-2015-5824 CONFIRM APPLE |
| apple — iphone_os | WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. | 2015-09-18 | 4.3 | CVE-2015-5825 CONFIRM APPLE |
| apple — iphone_os | WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-09-18 | 4.3 | CVE-2015-5826 CONFIRM APPLE |
| apple — iphone_os | WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. | 2015-09-18 | 5.0 | CVE-2015-5827 CONFIRM APPLE |
| apple — iphone_os | Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file. | 2015-09-18 | 6.8 | CVE-2015-5829 CONFIRM APPLE |
| apple — iphone_os | NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. | 2015-09-18 | 5.0 | CVE-2015-5831 CONFIRM APPLE |
| apple — iphone_os | IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 2015-09-18 | 4.3 | CVE-2015-5834 CONFIRM APPLE |
| apple — iphone_os | Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. | 2015-09-18 | 4.3 | CVE-2015-5835 CONFIRM APPLE |
| apple — iphone_os | PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. | 2015-09-18 | 4.3 | CVE-2015-5837 CONFIRM APPLE |
| apple — iphone_os | SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. | 2015-09-18 | 4.3 | CVE-2015-5838 CONFIRM APPLE |
| apple — iphone_os | dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. | 2015-09-18 | 5.0 | CVE-2015-5839 CONFIRM APPLE |
| apple — iphone_os | The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. | 2015-09-18 | 5.0 | CVE-2015-5840 CONFIRM APPLE |
| apple — iphone_os | The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. | 2015-09-18 | 5.0 | CVE-2015-5841 CONFIRM APPLE |
| apple — iphone_os | Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. | 2015-09-18 | 4.3 | CVE-2015-5855 CONFIRM APPLE |
| apple — iphone_os | The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. | 2015-09-18 | 4.3 | CVE-2015-5856 CONFIRM APPLE |
| apple — iphone_os | Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. | 2015-09-18 | 5.0 | CVE-2015-5857 CONFIRM APPLE |
| apple — iphone_os | The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. | 2015-09-18 | 5.0 | CVE-2015-5858 CONFIRM APPLE |
| apple — iphone_os | The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site. | 2015-09-18 | 5.0 | CVE-2015-5860 CONFIRM APPLE |
| apple — iphone_os | The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2015-09-18 | 4.3 | CVE-2015-5862 CONFIRM APPLE |
| apple — iphone_os | XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. | 2015-09-18 | 5.0 | CVE-2015-5879 CONFIRM APPLE |
| apple — iphone_os | CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. | 2015-09-18 | 4.3 | CVE-2015-5880 CONFIRM APPLE |
| apple — iphone_os | The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. | 2015-09-18 | 5.0 | CVE-2015-5885 CONFIRM APPLE |
| apple — iphone_os | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. | 2015-09-18 | 4.3 | CVE-2015-5904 CONFIRM APPLE |
| apple — iphone_os | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. | 2015-09-18 | 5.0 | CVE-2015-5905 CONFIRM APPLE |
| apple — iphone_os | The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | 2015-09-18 | 5.0 | CVE-2015-5906 CONFIRM APPLE |
| apple — iphone_os | The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. | 2015-09-18 | 5.0 | CVE-2015-5912 CONFIRM APPLE |
| apple — iphone_os | The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. | 2015-09-18 | 4.3 | CVE-2015-5916 CONFIRM APPLE |
| apple — iphone_os | WebKit in Apple iOS before 9 mishandles “Content-Disposition: attachment” HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 2015-09-18 | 4.3 | CVE-2015-5921 CONFIRM APPLE |
| auto-exchanger — auto-exchanger | Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php. | 2015-09-11 | 6.8 | CVE-2015-6827 EXPLOIT-DB |
| canon — pixma_mg7500_series_inkjet_printer | Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. | 2015-09-11 | 6.8 | CVE-2015-5631 CONFIRM JVNDB JVN |
| cisco — email_security_appliance | Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. | 2015-09-13 | 6.4 | CVE-2015-6285 CISCO |
| cisco — application_visibility_and_control | Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016. | 2015-09-13 | 5.7 | CVE-2015-6286 CISCO |
| cisco — web_security_virtual_appliance | Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907. | 2015-09-13 | 5.0 | CVE-2015-6287 CISCO |
| cisco — content_security_management_appliance | Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620. | 2015-09-13 | 5.0 | CVE-2015-6288 CISCO |
| cisco — web_security_virtual_appliance | Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. | 2015-09-13 | 4.3 | CVE-2015-6290 CISCO |
| corel — wordperfect | Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document. | 2015-09-15 | 6.8 | CVE-2015-6948 MISC |
| creative-solutions — contact_form_generator | Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php. | 2015-09-16 | 6.8 | CVE-2015-6965 EXPLOIT-DB MISC MISC |
| freetype — freetype | The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a “broken number-with-base” in a Postscript stream, as demonstrated by 8#garbage. | 2015-09-14 | 5.0 | CVE-2014-9745 CONFIRM CONFIRM UBUNTU CONFIRM CONFIRM |
| googlesearch_project — googlesearch | Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php. | 2015-09-11 | 4.3 | CVE-2015-6919 MISC |
| hp — arcsight_logger | HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. | 2015-09-16 | 4.0 | CVE-2015-2136 HP |
| hp — loadrunner | Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. | 2015-09-15 | 4.6 | CVE-2015-5426 HP |
| hp — universal_configuration_management_database | HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. | 2015-09-16 | 4.9 | CVE-2015-5440 HP |
| ibm — websphere_mq | IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call. | 2015-09-13 | 5.0 | CVE-2015-2013 CONFIRM AIXAPAR |
| ibm — websphere_commerce | Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. | 2015-09-14 | 4.0 | CVE-2015-4980 CONFIRM AIXAPAR |
| igniterealtime — openfire | Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp. | 2015-09-16 | 4.3 | CVE-2015-6972 EXPLOIT-DB MISC MISC |
| igniterealtime — openfire | Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server setting or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp. | 2015-09-16 | 6.8 | CVE-2015-6973 EXPLOIT-DB BUGTRAQ MISC |
| jsp/mysql_administrador_web_project — jsp/mysql_administrador_web | Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp. | 2015-09-15 | 6.8 | CVE-2015-6944 BUGTRAQ MISC MISC |
| jsp/mysql_administrador_web_project — jsp/mysql_administrador_web | Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp. | 2015-09-15 | 4.3 | CVE-2015-6945 BUGTRAQ MISC MISC |
| moxa — eds-405a_firmware | The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. | 2015-09-11 | 6.8 | CVE-2015-6465 MISC CONFIRM |
| moxa — eds-405a_firmware | Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. | 2015-09-11 | 4.3 | CVE-2015-6466 MISC CONFIRM |
| nibbleblog — nibbleblog | Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php. | 2015-09-16 | 6.8 | CVE-2015-6966 CONFIRM FULLDISC MISC |
| nibbleblog — nibbleblog | Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php. | 2015-09-16 | 6.5 | CVE-2015-6967 FULLDISC MISC CONFIRM MISC |
| nokia — @vantage_commander | Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to cftraces/filter/fl_copy.jsp; the (3) flName parameter to cftraces/filter/fl_crea1.jsp; the (4) serchStatus, (5) refreshTime, or (6) serchNode parameter to cftraces/process/pr_show_process.jsp; the (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, or (11) serchSessionkind parameter to cftraces/session/se_crea.jsp; the (12) serchSessionDescription parameter to cftraces/session/se_show.jsp; the (13) serchApplication or (14) serchApplicationkind parameter to cftraces/session/tr_crea_filter.jsp; the (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, or (26) component parameter to cftraces/session/tr_create_tagg_para.jsp; or the (27) userid parameter to home/certificate_association.jsp. | 2015-09-16 | 4.3 | CVE-2015-6929 MISC FULLDISC MISC |
| ntt-bp — japan_connected-free_wi-fi | The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism via unspecified vectors. | 2015-09-11 | 6.8 | CVE-2015-5629 MISC MISC JVNDB JVN |
| ntt-bp — japan_connected-free_wi-fi | Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID. | 2015-09-11 | 4.3 | CVE-2015-5630 MISC MISC JVNDB JVN |
| openldap — openldap | The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. | 2015-09-11 | 5.0 | CVE-2015-6908 CONFIRM CONFIRM |
| phpmyadmin — phpmyadmin | libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. | 2015-09-13 | 5.0 | CVE-2015-6830 CONFIRM CONFIRM |
| qlik — qlikview | XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx. | 2015-09-16 | 6.4 | CVE-2015-3623 EXPLOIT-DB BUGTRAQ MISC |
| s9y — serendipity | SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when “Use Tokens for Comment Moderation” enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. | 2015-09-15 | 6.0 | CVE-2015-6943 NVD CONFIRM FULLDISC MISC MISC |
| s9y — serendipity | Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension. | 2015-09-16 | 6.5 | CVE-2015-6968 FULLDISC CONFIRM MISC MISC |
| s9y — serendipity | Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link. | 2015-09-16 | 4.3 | CVE-2015-6969 FULLDISC CONFIRM MISC MISC |
| securemoz — securemoz_security_audit | The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information. | 2015-09-16 | 6.8 | CVE-2015-6828 MISC MLIST MLIST |
| siemens — ruggedcom_rugged_operating_system | Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. | 2015-09-11 | 4.3 | CVE-2015-6675 MISC CONFIRM |
| sourceafrica_project — sourceafrica | Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | 2015-09-11 | 4.3 | CVE-2015-6920 MISC MISC |
| sprymedia — datatables | Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php. | 2015-09-11 | 4.3 | CVE-2015-6584 MISC BUGTRAQ |
| structured_dynamics — open_semantic_framework | Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors. | 2015-09-17 | 5.1 | CVE-2015-7233 MISC CONFIRM |
| structured_dynamics — open_semantic_framework | The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. | 2015-09-17 | 4.0 | CVE-2015-7234 MISC CONFIRM CONFIRM |
| synology — download_station | Cross-site scripting (XSS) vulnerability in the “Create download task via file upload” feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file. | 2015-09-11 | 4.3 | CVE-2015-6909 CONFIRM CONFIRM MISC BUGTRAQ FULLDISC MISC |
| synology — download_station | Cross-site scripting (XSS) vulnerability in the “Create download task via URL” feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi. | 2015-09-11 | 4.3 | CVE-2015-6913 CONFIRM MISC BUGTRAQ FULLDISC MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — iphone_os | The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors. | 2015-09-18 | 2.1 | CVE-2015-5832 CONFIRM APPLE |
| apple — iphone_os | XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. | 2015-09-18 | 2.1 | CVE-2015-5842 CONFIRM APPLE |
| apple — iphone_os | AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. | 2015-09-18 | 2.1 | CVE-2015-5850 CONFIRM APPLE |
| apple — iphone_os | The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. | 2015-09-18 | 2.1 | CVE-2015-5851 CONFIRM APPLE |
| apple — iphone_os | SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. | 2015-09-18 | 2.1 | CVE-2015-5861 CONFIRM APPLE |
| apple — iphone_os | IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. | 2015-09-18 | 2.1 | CVE-2015-5863 CONFIRM APPLE |
| apple — iphone_os | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | 2015-09-18 | 3.3 | CVE-2015-5869 CONFIRM MLIST APPLE |
| apple — iphone_os | Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | 2015-09-18 | 2.1 | CVE-2015-5892 CONFIRM APPLE |
| apple — iphone_os | WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. | 2015-09-18 | 2.6 | CVE-2015-5907 CONFIRM APPLE |
| structured_dynamics — open_semantic_framework | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-17 | 2.6 | CVE-2015-7232 MISC CONFIRM |
| typo3 — typo3 | The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. | 2015-09-16 | 3.5 | CVE-2015-5956 CONFIRM BUGTRAQ |
| zendesk — zendesk_feedback_tab | Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the “Configure Zendesk Feedback Tab” permission to inject arbitrary web script or HTML via unspecified vectors. | 2015-09-11 | 2.6 | CVE-2015-6921 MISC CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.