Original release date: October 26, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accelerite — radia_client_automation | Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling. | 2015-10-19 | 10.0 | CVE-2015-7860 MISC |
accelerite — radia_client_automation | Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling. | 2015-10-19 | 10.0 | CVE-2015-7861 MISC |
adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644. | 2015-10-18 | 10.0 | CVE-2015-7635 CONFIRM |
adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644. | 2015-10-18 | 10.0 | CVE-2015-7636 CONFIRM |
adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644. | 2015-10-18 | 10.0 | CVE-2015-7637 CONFIRM |
adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644. | 2015-10-18 | 10.0 | CVE-2015-7638 CONFIRM |
adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644. | 2015-10-18 | 10.0 | CVE-2015-7639 CONFIRM |
adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644. | 2015-10-18 | 10.0 | CVE-2015-7640 CONFIRM |
adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644. | 2015-10-18 | 10.0 | CVE-2015-7641 CONFIRM |
adobe — air | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7643, and CVE-2015-7644. | 2015-10-18 | 10.0 | CVE-2015-7642 CONFIRM |
adobe — flash_player | Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-7648. | 2015-10-18 | 10.0 | CVE-2015-7647 CONFIRM |
adobe — flash_player | Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-7647. | 2015-10-18 | 10.0 | CVE-2015-7648 CONFIRM |
apple — itunes | CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017. | 2015-10-23 | 7.5 | CVE-2015-6975 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2015-10-23 | 9.3 | CVE-2015-6979 CONFIRM APPLE |
apple — iphone_os | com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified “type confusion.” | 2015-10-23 | 9.3 | CVE-2015-6986 CONFIRM APPLE |
apple — itunes | CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017. | 2015-10-23 | 7.5 | CVE-2015-6992 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE |
apple — iphone_os | The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app. | 2015-10-23 | 7.1 | CVE-2015-7004 CONFIRM APPLE |
apple — itunes | CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992. | 2015-10-23 | 7.5 | CVE-2015-7017 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE |
apple — xcode | The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. | 2015-10-23 | 7.5 | CVE-2015-7030 CONFIRM APPLE |
apple — mac_os_x | Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach “unused” functions via unspecified vectors. | 2015-10-23 | 7.5 | CVE-2015-7035 CONFIRM CONFIRM APPLE APPLE |
cloudbees — jenkins | The API token-issuing service in CloudBees Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a “forced API token change” involving anonymous users. | 2015-10-16 | 7.5 | CVE-2015-1814 CONFIRM CONFIRM REDHAT |
drupal_7_driver_for_sql_server_and_sql_azure_project — drupal_7_driver_for_sql_server_and_sql_azure | The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. | 2015-10-21 | 7.5 | CVE-2015-7876 MISC CONFIRM CONFIRM CONFIRM |
emc — sourceone_email_supervisor | EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. | 2015-10-18 | 7.5 | CVE-2015-6845 BUGTRAQ |
juniper — junos | Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets. | 2015-10-16 | 7.8 | CVE-2014-6450 CONFIRM |
juniper — junos | J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors. | 2015-10-16 | 7.8 | CVE-2014-6451 CONFIRM |
juniper — junos | The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the “host-OS.” | 2015-10-19 | 7.8 | CVE-2015-7749 CONFIRM |
juniper — junos | The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D20 allows remote attackers to cause a denial of service (CPU consumption) via unspecified SSH traffic. | 2015-10-19 | 7.8 | CVE-2015-7752 SECTRACK CONFIRM |
linux — linux_kernel | The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. | 2015-10-19 | 7.8 | CVE-2015-6937 CONFIRM CONFIRM MLIST CONFIRM |
microsoft — sharepoint | SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. | 2015-10-21 | 7.5 | CVE-2015-7299 BUGTRAQ MISC |
opennms — opennms | OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | 2015-10-16 | 10.0 | CVE-2015-7856 MISC CONFIRM |
oracle — communications_applications | Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and 7.1.0 and earlier; (2) the Oracle Communications Performance Intelligence Center Software component in Oracle Communications Applications 9.0.3 and earlier and 10.1.5 and earlier; (3) the Oracle Communications Policy Management component in Oracle Communications Applications 9.9.0 and earlier, 10.5.0 and earlier, 11.5.0 and earlier, and 12.1.0 and earlier; (4) the Oracle Communications Tekelec HLR Router component in Oracle Communications Applications 4.0.0; and (5) the Oracle Communications User Data Repository component in Oracle Communications Applications 10.2.0 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to PMAC. | 2015-10-21 | 10.0 | CVE-2015-2608 CONFIRM |
oracle — database_server | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2015-10-21 | 9.0 | CVE-2015-4794 CONFIRM |
oracle — industry_applications | Unspecified vulnerability in the Oracle Utilities Work and Asset Management component in Oracle Industry Applications 1.9.1.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Add-On Applications. | 2015-10-21 | 7.5 | CVE-2015-4795 CONFIRM |
oracle — database_server | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4888. | 2015-10-21 | 9.0 | CVE-2015-4796 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | 2015-10-21 | 10.0 | CVE-2015-4805 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. | 2015-10-21 | 7.2 | CVE-2015-4819 CONFIRM |
oracle — oracle_and_sun_systems_product_suite | Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web. | 2015-10-21 | 9.3 | CVE-2015-4821 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881. | 2015-10-21 | 10.0 | CVE-2015-4835 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 2015-10-21 | 10.0 | CVE-2015-4843 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 2015-10-21 | 10.0 | CVE-2015-4844 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. | 2015-10-21 | 10.0 | CVE-2015-4860 CONFIRM |
oracle — database_server | Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2015-10-21 | 10.0 | CVE-2015-4863 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 2015-10-21 | 7.6 | CVE-2015-4868 CONFIRM |
oracle — database_server | Unspecified vulnerability in the Database Scheduler component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Local. | 2015-10-21 | 9.0 | CVE-2015-4873 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835. | 2015-10-21 | 10.0 | CVE-2015-4881 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. | 2015-10-21 | 10.0 | CVE-2015-4883 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | 2015-10-21 | 9.3 | CVE-2015-4901 CONFIRM |
oracle — oracle_and_sun_systems_product_suite | Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Management. | 2015-10-21 | 10.0 | CVE-2015-4915 CONFIRM |
owncloud — owncloud | Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. | 2015-10-21 | 10.0 | CVE-2015-4716 CONFIRM DEBIAN |
owncloud — owncloud | The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. | 2015-10-21 | 7.8 | CVE-2015-4717 CONFIRM BID DEBIAN |
owncloud — owncloud | The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. | 2015-10-21 | 9.0 | CVE-2015-4718 CONFIRM BID DEBIAN |
owncloud — owncloud | icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. | 2015-10-21 | 9.0 | CVE-2015-7698 CONFIRM CONFIRM |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3s-software — codesys_runtime_system | Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. | 2015-10-18 | 5.0 | CVE-2015-6482 MISC |
accelerite — radia_client_automation | Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account’s role assignments via unspecified vectors. | 2015-10-19 | 5.0 | CVE-2015-7862 CONFIRM |
accelerite — radia_client_automation | The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | 2015-10-19 | 5.0 | CVE-2015-7863 CONFIRM |
airdroid — airdroid | The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application. | 2015-10-18 | 4.3 | CVE-2015-5661 JVNDB JVN |
apple — iphone_os | WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | 2015-10-23 | 6.8 | CVE-2015-6981 CONFIRM APPLE |
apple — iphone_os | WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | 2015-10-23 | 6.8 | CVE-2015-6982 CONFIRM APPLE |
apple — iphone_os | The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | 2015-10-23 | 4.3 | CVE-2015-6997 CONFIRM APPLE |
apple — iphone_os | The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. | 2015-10-23 | 5.0 | CVE-2015-6999 CONFIRM APPLE |
apple — iphone_os | WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | 2015-10-23 | 6.8 | CVE-2015-7005 CONFIRM APPLE |
apple — iphone_os | The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. | 2015-10-23 | 4.3 | CVE-2015-7022 CONFIRM APPLE |
apple — mac_os_x_server | The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | 2015-10-23 | 5.0 | CVE-2015-7031 CONFIRM APPLE |
apple — iwork | The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document. | 2015-10-18 | 4.3 | CVE-2015-7032 CONFIRM APPLE |
apple — iwork | The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document. | 2015-10-18 | 6.8 | CVE-2015-7033 CONFIRM APPLE |
apple — iwork | The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document. | 2015-10-18 | 6.8 | CVE-2015-7034 CONFIRM APPLE |
avast — avast_antivirus | Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. | 2015-10-18 | 6.4 | CVE-2015-5662 JVNDB JVN |
cloudbees — jenkins | The combination filter Groovy script in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. | 2015-10-16 | 6.5 | CVE-2015-1806 CONFIRM CONFIRM REDHAT |
cloudbees — jenkins | The HudsonPrivateSecurityRealm class in CloudBees Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the “Jenkins’ own user database” setting, which allows remote attackers to gain privileges by creating a reserved name. | 2015-10-16 | 4.6 | CVE-2015-1810 CONFIRM CONFIRM REDHAT |
cloudbees — jenkins | Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813. | 2015-10-16 | 4.3 | CVE-2015-1812 CONFIRM CONFIRM REDHAT |
cloudbees — jenkins | Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812. | 2015-10-16 | 4.3 | CVE-2015-1813 CONFIRM CONFIRM REDHAT |
emc — sourceone_email_supervisor | Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. | 2015-10-18 | 5.0 | CVE-2015-6843 BUGTRAQ |
emc — sourceone_email_supervisor | Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-10-18 | 4.3 | CVE-2015-6844 BUGTRAQ |
emc — sourceone_email_supervisor | EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program’s code conducts cryptographic operations. | 2015-10-18 | 6.8 | CVE-2015-6846 BUGTRAQ |
font_project — font | Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php. | 2015-10-16 | 4.0 | CVE-2015-7683 CONFIRM MISC BUGTRAQ MISC |
genetechsolutions — pie_register | Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI. | 2015-10-16 | 4.3 | CVE-2015-7377 MISC CONFIRM BUGTRAQ MISC |
genetechsolutions — pie_register | Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php. | 2015-10-16 | 6.5 | CVE-2015-7682 MISC CONFIRM BUGTRAQ MISC |
hp — smart_profile_server_data_analytics_layer | Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-10-18 | 4.3 | CVE-2015-5444 HP |
juniper — junos | Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle TCP packet reassembly, which allows remote attackers to cause a denial of service (buffer consumption) via a crafted sequence of packets “destined to the device.” | 2015-10-16 | 5.0 | CVE-2014-6449 CONFIRM |
juniper — junos | Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet. | 2015-10-19 | 5.0 | CVE-2015-7748 CONFIRM |
juniper — screenos | The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet. | 2015-10-19 | 5.0 | CVE-2015-7750 CONFIRM |
juniper — junos | Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is “corrupted,” which allows local users to gain root privileges by modifying the file. | 2015-10-19 | 6.9 | CVE-2015-7751 SECTRACK CONFIRM |
kentico — kentico_cms | Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI. | 2015-10-21 | 5.0 | CVE-2015-7822 MISC |
kentico — kentico_cms | Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter. | 2015-10-21 | 5.8 | CVE-2015-7823 MISC |
linux — linux_kernel | The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. | 2015-10-19 | 4.9 | CVE-2015-0275 CONFIRM CONFIRM MLIST MLIST CONFIRM |
linux — linux_kernel | The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. | 2015-10-19 | 6.1 | CVE-2015-5156 CONFIRM CONFIRM CONFIRM |
linux — linux_kernel | The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. | 2015-10-19 | 4.7 | CVE-2015-5283 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
linux — linux_kernel | Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. | 2015-10-19 | 4.6 | CVE-2015-5707 CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
linux — linux_kernel | Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. | 2015-10-19 | 6.9 | CVE-2015-7613 CONFIRM CONFIRM MLIST CONFIRM |
linux — linux_kernel | The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. | 2015-10-19 | 4.9 | CVE-2015-7799 MISC CONFIRM MLIST |
mozilla — firefox | The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2015-10-18 | 6.8 | CVE-2015-7184 CONFIRM CONFIRM CONFIRM |
nordex — nordex_control_2_scada | Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-10-18 | 4.3 | CVE-2015-6477 MISC |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener. | 2015-10-21 | 5.0 | CVE-2015-1829 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. | 2015-10-21 | 4.4 | CVE-2015-2642 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types. | 2015-10-21 | 4.0 | CVE-2015-4730 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. | 2015-10-21 | 5.0 | CVE-2015-4734 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Online patching. | 2015-10-21 | 4.0 | CVE-2015-4762 CONFIRM |
oracle — communications_applications | Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy. | 2015-10-21 | 4.3 | CVE-2015-4793 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4839. | 2015-10-21 | 4.0 | CVE-2015-4798 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.1, and 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Security. | 2015-10-21 | 4.3 | CVE-2015-4799 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | 2015-10-21 | 4.0 | CVE-2015-4800 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. | 2015-10-21 | 4.0 | CVE-2015-4802 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. | 2015-10-21 | 5.0 | CVE-2015-4803 CONFIRM |
oracle — peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Management component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 2015-10-21 | 4.0 | CVE-2015-4804 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | 2015-10-21 | 6.4 | CVE-2015-4806 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 2015-10-21 | 6.9 | CVE-2015-4810 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. | 2015-10-21 | 4.0 | CVE-2015-4815 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | 2015-10-21 | 4.0 | CVE-2015-4816 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver. | 2015-10-21 | 6.2 | CVE-2015-4817 CONFIRM |
oracle — peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Core Technology. | 2015-10-21 | 5.5 | CVE-2015-4818 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4907. | 2015-10-21 | 6.2 | CVE-2015-4820 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. | 2015-10-21 | 4.0 | CVE-2015-4826 CONFIRM |
oracle — retail_applications | Unspecified vulnerability in the Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Framework. | 2015-10-21 | 6.4 | CVE-2015-4827 CONFIRM |
oracle — peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via vectors related to FIN Resource Management (Security). | 2015-10-21 | 4.0 | CVE-2015-4828 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. | 2015-10-21 | 4.0 | CVE-2015-4830 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822. | 2015-10-21 | 4.9 | CVE-2015-4831 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM Legacy UI. | 2015-10-21 | 4.3 | CVE-2015-4832 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | 2015-10-21 | 4.0 | CVE-2015-4833 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security. | 2015-10-21 | 6.6 | CVE-2015-4837 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors related to ADF Faces. | 2015-10-21 | 4.0 | CVE-2015-4838 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4798. | 2015-10-21 | 4.0 | CVE-2015-4839 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. | 2015-10-21 | 5.0 | CVE-2015-4840 CONFIRM |
oracle — siebel_crm | Unspecified vulnerability in the Siebel Core – Server Framework component in Oracle Siebel CRM IP2014 PS10 and IP2015 PS5 allows remote attackers to affect confidentiality via unknown vectors related to Services. | 2015-10-21 | 4.3 | CVE-2015-4841 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. | 2015-10-21 | 5.0 | CVE-2015-4842 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Java APIs – AOL/J. | 2015-10-21 | 4.3 | CVE-2015-4845 CONFIRM |
oracle — supply_chain_products_suite | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OCI. | 2015-10-21 | 4.3 | CVE-2015-4847 CONFIRM |
oracle — supply_chain_products_suite | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Integration with Peoplesoft. | 2015-10-21 | 5.0 | CVE-2015-4848 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. | 2015-10-21 | 6.8 | CVE-2015-4849 CONFIRM |
oracle — peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management. | 2015-10-21 | 5.5 | CVE-2015-4850 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. | 2015-10-21 | 6.8 | CVE-2015-4851 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Single Signon. | 2015-10-21 | 4.3 | CVE-2015-4854 CONFIRM |
oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unknown vectors related to Core. | 2015-10-21 | 4.9 | CVE-2015-4856 CONFIRM |
oracle — database_server | Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2015-10-21 | 5.5 | CVE-2015-4857 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. | 2015-10-21 | 4.0 | CVE-2015-4858 CONFIRM |
oracle — enterprise_manager_grid_control | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Agent Next Gen. | 2015-10-21 | 5.8 | CVE-2015-4859 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 2015-10-21 | 4.0 | CVE-2015-4862 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | 2015-10-21 | 4.0 | CVE-2015-4866 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4880. | 2015-10-21 | 4.3 | CVE-2015-4867 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel. | 2015-10-21 | 4.9 | CVE-2015-4869 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. | 2015-10-21 | 4.0 | CVE-2015-4870 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | 2015-10-21 | 5.8 | CVE-2015-4871 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. | 2015-10-21 | 5.0 | CVE-2015-4872 CONFIRM |
oracle — enterprise_manager_grid_control | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen. | 2015-10-21 | 4.1 | CVE-2015-4874 CONFIRM |
oracle — enterprise_manager_grid_control | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect availability via unknown vectors related to Agent Next Gen. | 2015-10-21 | 5.0 | CVE-2015-4875 CONFIRM |
oracle — peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Pivot Grid. | 2015-10-21 | 4.0 | CVE-2015-4876 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. | 2015-10-21 | 4.6 | CVE-2015-4879 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4867. | 2015-10-21 | 4.3 | CVE-2015-4880 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. | 2015-10-21 | 5.0 | CVE-2015-4882 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Single Signon. | 2015-10-21 | 5.0 | CVE-2015-4884 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Reports Security. | 2015-10-21 | 6.4 | CVE-2015-4886 CONFIRM |
oracle — peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ePerformance. | 2015-10-21 | 6.0 | CVE-2015-4887 CONFIRM |
oracle — database_server | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4796. | 2015-10-21 | 6.5 | CVE-2015-4888 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD. | 2015-10-21 | 4.6 | CVE-2015-4891 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. | 2015-10-21 | 5.0 | CVE-2015-4893 CONFIRM |
oracle — database_mobile/lite_server | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server 10.3.0.3, 11.3.0.2, and 12.1.0.0 allows remote authenticated users to affect integrity and availability via unknown vectors. | 2015-10-21 | 4.9 | CVE-2015-4894 CONFIRM |
oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8 allows remote attackers to affect availability via unknown vectors related to Core. | 2015-10-21 | 5.0 | CVE-2015-4896 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via vectors related to Diagnostics and DMZ. | 2015-10-21 | 4.0 | CVE-2015-4898 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security. | 2015-10-21 | 4.3 | CVE-2015-4899 CONFIRM |
oracle — database_server | Unspecified vulnerability in the XDB – XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2015-10-21 | 6.5 | CVE-2015-4900 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. | 2015-10-21 | 5.0 | CVE-2015-4902 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI. | 2015-10-21 | 5.0 | CVE-2015-4903 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. | 2015-10-21 | 4.0 | CVE-2015-4904 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. | 2015-10-21 | 4.0 | CVE-2015-4905 CONFIRM |
oracle — javafx | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916. | 2015-10-21 | 5.0 | CVE-2015-4906 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4820. | 2015-10-21 | 4.6 | CVE-2015-4907 CONFIRM |
oracle — javafx | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916. | 2015-10-21 | 5.0 | CVE-2015-4908 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect integrity via vectors related to ADF Faces. | 2015-10-21 | 5.0 | CVE-2015-4909 CONFIRM |
oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893. | 2015-10-21 | 5.0 | CVE-2015-4911 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via vectors related to SSO Engine. | 2015-10-21 | 4.3 | CVE-2015-4912 CONFIRM |
oracle — javafx | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908. | 2015-10-21 | 5.0 | CVE-2015-4916 CONFIRM |
owncloud — owncloud | The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users' files via a sharing link to a file with a deleted parent folder. | 2015-10-21 | 4.0 | CVE-2015-5954 CONFIRM DEBIAN |
redhat — enterprise_linux | The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor. | 2015-10-19 | 4.9 | CVE-2015-7833 MISC BUGTRAQ MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — iphone_os | Notification Center in Apple iOS before 9.1 mishandles changes to “Show on Lock Screen” settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled. | 2015-10-23 | 2.1 | CVE-2015-7000 CONFIRM APPLE |
cloudbees — jenkins | Directory traversal vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | 2015-10-16 | 3.5 | CVE-2015-1807 CONFIRM CONFIRM REDHAT |
cloudbees — jenkins | CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | 2015-10-16 | 3.5 | CVE-2015-1808 CONFIRM CONFIRM REDHAT |
linux — linux_kernel | The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. | 2015-10-19 | 2.1 | CVE-2015-6252 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
oracle — enterprise_manager_grid_control | Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center. | 2015-10-21 | 3.6 | CVE-2015-2633 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. | 2015-10-21 | 1.9 | CVE-2015-4766 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. | 2015-10-21 | 3.5 | CVE-2015-4791 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. | 2015-10-21 | 1.7 | CVE-2015-4792 CONFIRM |
oracle — supply_chain_products_suite | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security. | 2015-10-21 | 3.5 | CVE-2015-4797 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones. | 2015-10-21 | 2.1 | CVE-2015-4801 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. | 2015-10-21 | 3.5 | CVE-2015-4807 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811. | 2015-10-21 | 1.5 | CVE-2015-4809 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4809. | 2015-10-21 | 1.5 | CVE-2015-4811 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module. | 2015-10-21 | 2.6 | CVE-2015-4812 CONFIRM |
oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. | 2015-10-21 | 2.1 | CVE-2015-4813 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831. | 2015-10-21 | 1.2 | CVE-2015-4822 CONFIRM |
oracle — hyperion | Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deploy. | 2015-10-21 | 1.2 | CVE-2015-4823 CONFIRM |
oracle — supply_chain_products_suite | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 2015-10-21 | 2.1 | CVE-2015-4824 CONFIRM |
oracle — peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Expense Report General. | 2015-10-21 | 3.5 | CVE-2015-4825 CONFIRM |
oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones. | 2015-10-21 | 3.7 | CVE-2015-4834 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | 2015-10-21 | 2.8 | CVE-2015-4836 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions. | 2015-10-21 | 3.6 | CVE-2015-4846 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | 2015-10-21 | 3.5 | CVE-2015-4861 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. | 2015-10-21 | 3.5 | CVE-2015-4864 CONFIRM |
oracle — e-business_suite | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to Business Objects – BC4J. | 2015-10-21 | 2.1 | CVE-2015-4865 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878. | 2015-10-21 | 1.5 | CVE-2015-4877 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877. | 2015-10-21 | 1.5 | CVE-2015-4878 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. | 2015-10-21 | 3.5 | CVE-2015-4890 CONFIRM |
oracle — supply_chain_products_suite | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4917. | 2015-10-21 | 3.5 | CVE-2015-4892 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | 2015-10-21 | 3.5 | CVE-2015-4895 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. | 2015-10-21 | 2.1 | CVE-2015-4910 CONFIRM |
oracle — mysql | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. | 2015-10-21 | 3.5 | CVE-2015-4913 CONFIRM |
oracle — fusion_middleware | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener. | 2015-10-21 | 3.5 | CVE-2015-4914 CONFIRM |
oracle — supply_chain_products_suite | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892. | 2015-10-21 | 3.5 | CVE-2015-4917 CONFIRM |
owncloud — owncloud | Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder. | 2015-10-21 | 3.5 | CVE-2015-5953 CONFIRM |
veeam — backup_and_replication | VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files. | 2015-10-16 | 2.1 | CVE-2015-5742 CONFIRM MISC BUGTRAQ FULLDISC MISC |