SB15-306: Vulnerability Summary for the Week of October 26, 2015

Original release date: November 02, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — shockwave_player Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2015-10-28 10.0 CVE-2015-7649
CONFIRM
apple — mac_os_x The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified “type confusion” during Mach task processing. 2015-10-23 7.2 CVE-2015-5932
CONFIRM
APPLE
apple — mac_os_x The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. 2015-10-23 7.2 CVE-2015-5945
CONFIRM
APPLE
apple — iphone_os IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2015-10-23 9.3 CVE-2015-6974
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. 2015-10-23 8.8 CVE-2015-6983
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack. 2015-10-23 8.8 CVE-2015-6984
CONFIRM
APPLE
apple — iphone_os The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement. 2015-10-23 10.0 CVE-2015-6988
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. 2015-10-23 7.1 CVE-2015-6994
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors. 2015-10-23 7.5 CVE-2015-7007
CONFIRM
APPLE
apple — mac_os_x The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app. 2015-10-23 7.6 CVE-2015-7016
CONFIRM
APPLE
apple — mac_os_x The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors. 2015-10-23 7.2 CVE-2015-7021
CONFIRM
APPLE
cisco — adaptive_security_appliance_software The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug IDs CSCus56252 and CSCus57142. 2015-10-24 7.1 CVE-2015-6324
CISCO
cisco — adaptive_security_appliance_software Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.4), 9.2 before 9.2(4), 9.3 before 9.3(3.1), and 9.4 before 9.4(1.1) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug ID CSCut03495. 2015-10-24 7.1 CVE-2015-6325
CISCO
cisco — adaptive_security_appliance_software Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug ID CSCuu07799. 2015-10-24 7.8 CVE-2015-6326
CISCO
cisco — adaptive_security_appliance_software The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of service (device reload) via crafted ISAKMP UDP packets, aka Bug ID CSCus94026. 2015-10-24 7.8 CVE-2015-6327
CISCO
cisco — firesight_system_software The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. 2015-10-24 9.0 CVE-2015-6335
CISCO
fedoraproject — 389_directory_server 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher. 2015-10-29 7.5 CVE-2015-3230
CONFIRM
CONFIRM
CONFIRM
FEDORA
ibm — general_parallel_file_system IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. 2015-10-25 7.2 CVE-2015-4974
CONFIRM
ibm — domino Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040. 2015-10-29 7.5 CVE-2015-4994
CONFIRM
ibm — cognos_disclosure_management IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation. 2015-10-25 9.3 CVE-2015-5014
CONFIRM
ibm — domino Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994. 2015-10-29 7.5 CVE-2015-5040
CONFIRM
ininet_solutions — scada_web_server Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request. 2015-10-24 10.0 CVE-2015-1001
MISC
janitza — umg_508 The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. 2015-10-28 7.5 CVE-2015-3968
MISC
janitza — umg_508 The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239. 2015-10-28 7.5 CVE-2015-3971
MISC
janitza — umg_508 The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack. 2015-10-28 10.0 CVE-2015-3972
MISC
joomla — joomla! SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. 2015-10-29 7.5 CVE-2015-7297
MISC
SECTRACK
CONFIRM
joomla — joomla! SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. 2015-10-29 7.5 CVE-2015-7857
MISC
SECTRACK
CONFIRM
joomla — joomla! SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. 2015-10-29 7.5 CVE-2015-7858
MISC
SECTRACK
CONFIRM
medicomp — medcin_engine The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190. 2015-10-29 7.5 CVE-2015-6006
CERT-VN
MISC
owncloud — owncloud Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. 2015-10-26 7.5 CVE-2015-6500
MISC
CONFIRM
owncloud — owncloud The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to “objectstore.” 2015-10-26 9.0 CVE-2015-7699
CONFIRM
CONFIRM
DEBIAN
rockwellautomation — micrologix_1100_firmware Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. 2015-10-28 10.0 CVE-2015-6490
MISC
rockwellautomation — micrologix_1100_firmware Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. 2015-10-28 7.8 CVE-2015-6492
MISC
sap — hana The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. 2015-10-27 7.5 CVE-2015-7986
MISC
MISC
techno_project_japan — enisys_gw SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-10-29 7.5 CVE-2015-5668
CONFIRM
JVNDB
JVN

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
3s-smart_software_solutions — codesys_gateway_server 3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. 2015-10-24 5.0 CVE-2015-6484
MISC
afnetworking_project — afnetworking The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject’s Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 2015-10-27 4.3 CVE-2015-3996
CONFIRM
CONFIRM
CONFIRM
BID
apache — httpclient http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. 2015-10-27 4.3 CVE-2015-5262
CONFIRM
CONFIRM
UBUNTU
SECTRACK
CONFIRM
FEDORA
FEDORA
FEDORA
apple — iphone_os The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2015-10-23 6.8 CVE-2015-5924
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926. 2015-10-23 6.8 CVE-2015-5925
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925. 2015-10-23 6.8 CVE-2015-5926
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942. 2015-10-23 6.8 CVE-2015-5927
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. 2015-10-23 6.8 CVE-2015-5928
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. 2015-10-23 6.8 CVE-2015-5929
APPLE
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. 2015-10-23 6.8 CVE-2015-5930
APPLE
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. 2015-10-23 6.8 CVE-2015-5931
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934. 2015-10-23 6.8 CVE-2015-5933
CONFIRM
APPLE
apple — mac_os_x Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933. 2015-10-23 6.8 CVE-2015-5934
CONFIRM
APPLE
apple — iphone_os ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939. 2015-10-23 6.8 CVE-2015-5935
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939. 2015-10-23 6.8 CVE-2015-5936
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939. 2015-10-23 6.8 CVE-2015-5937
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — mac_os_x ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image. 2015-10-23 6.8 CVE-2015-5938
CONFIRM
APPLE
apple — iphone_os ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937. 2015-10-23 6.8 CVE-2015-5939
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2015-10-23 6.8 CVE-2015-5940
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927. 2015-10-23 6.8 CVE-2015-5942
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — mac_os_x SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app. 2015-10-23 4.3 CVE-2015-5943
CONFIRM
APPLE
apple — mac_os_x CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. 2015-10-23 6.8 CVE-2015-5944
CONFIRM
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. 2015-10-23 6.8 CVE-2015-6976
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. 2015-10-23 6.8 CVE-2015-6977
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. 2015-10-23 6.8 CVE-2015-6978
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page. 2015-10-23 6.8 CVE-2015-6985
CONFIRM
APPLE
apple — iphone_os Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls. 2015-10-23 6.8 CVE-2015-6989
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. 2015-10-23 6.8 CVE-2015-6990
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. 2015-10-23 6.8 CVE-2015-6991
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. 2015-10-23 6.8 CVE-2015-6993
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. 2015-10-23 6.8 CVE-2015-6995
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. 2015-10-23 6.8 CVE-2015-6996
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. 2015-10-23 6.8 CVE-2015-7002
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — mac_os_x coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app. 2015-10-23 6.8 CVE-2015-7003
CONFIRM
APPLE
apple — iphone_os Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive. 2015-10-23 6.8 CVE-2015-7006
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. 2015-10-23 6.8 CVE-2015-7008
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7010, and CVE-2015-7018. 2015-10-23 6.8 CVE-2015-7009
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7018. 2015-10-23 6.8 CVE-2015-7010
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. 2015-10-23 6.8 CVE-2015-7011
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. 2015-10-23 6.8 CVE-2015-7012
APPLE
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. 2015-10-23 6.8 CVE-2015-7013
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. 2015-10-23 6.8 CVE-2015-7014
APPLE
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client. 2015-10-23 6.8 CVE-2015-7015
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — iphone_os FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010. 2015-10-23 6.8 CVE-2015-7018
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020. 2015-10-23 5.6 CVE-2015-7019
CONFIRM
APPLE
apple — mac_os_x The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019. 2015-10-23 5.6 CVE-2015-7020
CONFIRM
APPLE
apple — iphone_os CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. 2015-10-23 5.8 CVE-2015-7023
CONFIRM
CONFIRM
APPLE
APPLE
cisco — asr_5000_software The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280. 2015-10-26 5.0 CVE-2015-6340
CISCO
cisco — wireless_lan_controller_software The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610. 2015-10-24 5.0 CVE-2015-6341
CISCO
cisco — asa_cx_context-aware_security_software The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105. 2015-10-30 4.0 CVE-2015-6344
CISCO
cisco — secure_access_control_server SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. 2015-10-30 6.5 CVE-2015-6345
CISCO
cisco — secure_access_control_server Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-10-30 4.3 CVE-2015-6346
CISCO
cisco — secure_access_control_server The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. 2015-10-30 4.0 CVE-2015-6347
CISCO
cisco — secure_access_control_server The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. 2015-10-30 4.0 CVE-2015-6348
CISCO
cisco — secure_access_control_server Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-10-30 4.3 CVE-2015-6349
CISCO
cisco — prime_service_catalog SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. 2015-10-30 6.5 CVE-2015-6350
CISCO
cisco — asr_5000_software Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. 2015-10-30 5.0 CVE-2015-6351
CISCO
cisco — hosted_collaboration_solution Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. 2015-10-30 4.3 CVE-2015-6352
CISCO
digia — qt ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. 2015-10-26 5.1 CVE-2015-7298
CONFIRM
epson — network_utility EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. 2015-10-28 6.9 CVE-2015-6034
CERT-VN
CONFIRM
fedoraproject — sssd Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. 2015-10-29 6.8 CVE-2015-5292
CONFIRM
CONFIRM
CONFIRM
MLIST
FEDORA
gnome — gdk-pixbuf io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. 2015-10-26 6.8 CVE-2015-7673
UBUNTU
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
gnome — gdk-pixbuf Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. 2015-10-26 6.8 CVE-2015-7674
UBUNTU
CONFIRM
MLIST
MLIST
MLIST
MLIST
CONFIRM
ibm — websphere_portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. 2015-10-28 5.0 CVE-2014-8912
CONFIRM
AIXAPAR
ibm — websphere_portal IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. 2015-10-29 6.8 CVE-2015-4997
CONFIRM
AIXAPAR
infinite_automation_systems — mango_automation Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. 2015-10-28 6.8 CVE-2015-6493
MISC
infinite_automation_systems — mango_automation Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page. 2015-10-28 4.3 CVE-2015-7900
MISC
infinite_automation_systems — mango_automation Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. 2015-10-28 6.5 CVE-2015-7901
MISC
infinite_automation_systems — mango_automation Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests. 2015-10-28 5.0 CVE-2015-7902
MISC
infinite_automation_systems — mango_automation SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2015-10-28 6.5 CVE-2015-7903
MISC
infinite_automation_systems — mango_automation Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. 2015-10-28 6.5 CVE-2015-7904
MISC
ininet_solutions — scada_web_server IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string. 2015-10-24 6.4 CVE-2015-1002
MISC
ininet_solutions — scada_web_server Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. 2015-10-24 5.0 CVE-2015-1003
MISC
janitza — umg_508 Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users. 2015-10-28 6.8 CVE-2015-3967
MISC
janitza — umg_508 Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. 2015-10-28 5.0 CVE-2015-3969
MISC
janitza — umg_508 Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-10-28 4.3 CVE-2015-3970
MISC
janitza — umg_508 Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values. 2015-10-28 5.0 CVE-2015-3973
MISC
joomla — joomla! The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. 2015-10-29 5.0 CVE-2015-7859
SECTRACK
CONFIRM
joomla — joomla! The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. 2015-10-29 5.0 CVE-2015-7899
SECTRACK
CONFIRM
kallithea — kallithea CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. 2015-10-29 5.0 CVE-2015-5285
CONFIRM
EXPLOIT-DB
MISC
MISC
librsync_project — librsync librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. 2015-10-26 5.8 CVE-2014-8242
CONFIRM
CONFIRM
MISC
CONFIRM
MLIST
MLIST
MLIST
SUSE
FEDORA
FEDORA
FEDORA
lockon — ec-cube Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function. 2015-10-26 5.1 CVE-2015-5665
CONFIRM
CONFIRM
JVNDB
JVN
medicomp — medcin_engine Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function. 2015-10-29 6.8 CVE-2015-2898
CERT-VN
MISC
medicomp — medcin_engine Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet on port 8190. 2015-10-29 6.8 CVE-2015-2899
CERT-VN
MISC
medicomp — medcin_engine The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190. 2015-10-29 6.8 CVE-2015-2900
CERT-VN
MISC
medicomp — medcin_engine Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty function and (2) the GetProperty UdfCodeList function. 2015-10-29 6.8 CVE-2015-2901
CERT-VN
MISC
openstack — compute OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. 2015-10-26 6.8 CVE-2015-3280
CONFIRM
CONFIRM
REDHAT
openstack — swift OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. 2015-10-26 5.0 CVE-2015-5223
CONFIRM
CONFIRM
CONFIRM
MLIST
REDHAT
openstack — image_registry_and_delivery_service_(glance) OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. 2015-10-26 5.5 CVE-2015-5251
CONFIRM
CONFIRM
REDHAT
openstack — image_registry_and_delivery_service_(glance) OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623. 2015-10-26 6.8 CVE-2015-5286
CONFIRM
CONFIRM
REDHAT
openstack — compute OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. 2015-10-29 5.0 CVE-2015-7713
CONFIRM
CONFIRM
CONFIRM
owncloud — owncloud ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. 2015-10-29 5.0 CVE-2015-5955
CONFIRM
owncloud — owncloud ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php. 2015-10-26 4.0 CVE-2015-6670
CONFIRM
phpmyadmin — phpmyadmin The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. 2015-10-28 5.0 CVE-2015-7873
CONFIRM
CONFIRM
polkit_project — polkit The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. 2015-10-26 4.6 CVE-2015-3255
CONFIRM
CONFIRM
SUSE
MLIST
polkit_project — polkit PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to “javascript rule evaluation.” 2015-10-26 4.6 CVE-2015-3256
CONFIRM
SUSE
MLIST
polkit_project — polkit Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. 2015-10-26 4.6 CVE-2015-4625
BID
MLIST
MLIST
MLIST
SUSE
MLIST
MLIST
MLIST
FEDORA
FEDORA
postgresql — postgresql The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a “too-short” salt. 2015-10-26 6.4 CVE-2015-5288
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA
postgresql — postgresql Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. 2015-10-26 6.4 CVE-2015-5289
SECTRACK
CONFIRM
CONFIRM
CONFIRM
FEDORA
CONFIRM
redhat — jboss_enterprise_application_platform The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. 2015-10-27 4.3 CVE-2015-5178
CONFIRM
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
redhat — jboss_enterprise_application_platform Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission. 2015-10-27 6.8 CVE-2015-5188
CONFIRM
CONFIRM
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
redhat — jboss_enterprise_application_platform The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header. 2015-10-27 5.0 CVE-2015-5220
CONFIRM
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
rockwellautomation — micrologix_1100_firmware SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2015-10-28 6.5 CVE-2015-6486
MISC
rockwellautomation — micrologix_1100_firmware Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-10-28 4.3 CVE-2015-6488
MISC
rockwellautomation — micrologix_1100_firmware Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. 2015-10-28 4.0 CVE-2015-6491
MISC
techno_project_japan — enisys_gw Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. 2015-10-29 6.5 CVE-2015-5669
CONFIRM
JVNDB
JVN
techno_project_japan — enisys_gw Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-10-29 4.3 CVE-2015-5670
CONFIRM
JVNDB
JVN
techno_project_japan — enisys_gw Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. 2015-10-29 5.0 CVE-2015-5671
CONFIRM
JVNDB
JVN
tibco — spotfire_analytics_platform_for_aws Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL. 2015-10-28 4.0 CVE-2015-5712
CONFIRM
CONFIRM
tibco — spotfire_analytics_platform_for_aws Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL. 2015-10-28 5.0 CVE-2015-5713
CONFIRM
CONFIRM

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — mac_os_x The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. 2015-10-23 2.1 CVE-2015-6987
CONFIRM
APPLE
colorbox_project — colorbox The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and “add unexpected content to a Colorbox” via unspecified vectors, possibly related to a link in a comment. 2015-10-26 3.5 CVE-2015-7881
MISC
CONFIRM
ibm — general_parallel_file_system IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors. 2015-10-25 2.1 CVE-2015-4981
CONFIRM
ibm — integration_bus IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. 2015-10-25 3.2 CVE-2015-5011
AIXAPAR
CONFIRM
infinite_automation_systems — mango_automation Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-10-28 3.5 CVE-2015-6494
MISC
ininet_solutions — scada_web_server IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. 2015-10-24 2.1 CVE-2015-1005
MISC
numara — asset_manager HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. 2015-10-25 2.1 CVE-2015-5448
HP
openstack — neutron Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied. 2015-10-27 3.5 CVE-2015-5240
CONFIRM
CONFIRM
CONFIRM
MLIST
REDHAT
owncloud — owncloud_desktop_client ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, allows man-in-the-middle attackers to bypass the user’s certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate. 2015-10-26 2.6 CVE-2015-4456
CONFIRM
CONFIRM
polkit_project — polkit The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. 2015-10-26 2.1 CVE-2015-3218
BID
SUSE
MLIST
MLIST
MLIST
FEDORA
FEDORA
siemens — ruggedcom_rugged_operating_system Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. 2015-10-28 3.3 CVE-2015-7836
MISC
CONFIRM

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply