Original release date: November 09, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted CMAP table in a PDF document, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622. | 2015-11-03 | 9.3 | CVE-2015-7650 CONFIRM MISC |
cisco — email_security_appliance | Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151. | 2015-11-05 | 7.8 | CVE-2015-6291 CISCO |
cisco — web_security_appliance | The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922. | 2015-11-06 | 7.8 | CVE-2015-6292 CISCO |
cisco — web_security_appliance | Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155. | 2015-11-05 | 7.8 | CVE-2015-6293 CISCO |
cisco — web_security_appliance | The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | 2015-11-06 | 9.0 | CVE-2015-6298 CISCO |
cisco — content_security_management_appliance | Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795. | 2015-11-05 | 7.8 | CVE-2015-6321 CISCO |
commvault — edge_server | The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie. | 2015-11-03 | 10.0 | CVE-2015-7253 CERT-VN |
google — android | mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. | 2015-11-03 | 10.0 | CVE-2015-6608 MLIST |
google — android | libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. | 2015-11-03 | 10.0 | CVE-2015-6609 MLIST |
google — android | libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088. | 2015-11-03 | 9.3 | CVE-2015-6610 MLIST |
google — android | libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. | 2015-11-03 | 9.3 | CVE-2015-6612 MLIST |
google — android | mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073. | 2015-11-03 | 10.0 | CVE-2015-8072 MLIST |
google — android | mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072. | 2015-11-03 | 10.0 | CVE-2015-8073 MLIST |
hp — arcsight_command_center | HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. | 2015-11-03 | 7.2 | CVE-2015-6030 CERT-VN |
hp — vertica | The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | 2015-11-03 | 7.5 | CVE-2015-6867 HP MISC |
ibm — tivoli_storage_manager | The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file. | 2015-11-03 | 7.2 | CVE-2015-4927 CONFIRM |
mobatek — mobaxterm | The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets. | 2015-11-03 | 7.5 | CVE-2015-7244 CERT-VN CONFIRM MISC |
mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-11-05 | 7.5 | CVE-2015-4513 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-11-05 | 7.5 | CVE-2015-4514 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla — firefox | The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a “use-after-poison” issue. | 2015-11-05 | 7.5 | CVE-2015-7181 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla — firefox | Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. | 2015-11-05 | 7.5 | CVE-2015-7182 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla — firefox | Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 2015-11-05 | 7.5 | CVE-2015-7183 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. | 2015-11-05 | 7.5 | CVE-2015-7188 CONFIRM CONFIRM |
mozilla — firefox | The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. | 2015-11-05 | 7.5 | CVE-2015-7192 CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. | 2015-11-05 | 7.5 | CVE-2015-7193 CONFIRM CONFIRM |
mozilla — firefox | Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. | 2015-11-05 | 7.5 | CVE-2015-7194 CONFIRM CONFIRM |
mozilla — firefox | Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. | 2015-11-05 | 7.5 | CVE-2015-7198 CONFIRM CONFIRM |
mozilla — firefox | The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. | 2015-11-05 | 7.5 | CVE-2015-7199 CONFIRM CONFIRM |
mozilla — firefox | The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. | 2015-11-05 | 7.5 | CVE-2015-7200 CONFIRM CONFIRM |
powerdns — authoritative | The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. | 2015-11-02 | 7.8 | CVE-2015-5470 CONFIRM MLIST MLIST |
qolsys — iq_panel | Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation. | 2015-10-31 | 9.3 | CVE-2015-6032 CERT-VN |
qolsys — iq_panel | Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update. | 2015-10-31 | 9.3 | CVE-2015-6033 CERT-VN |
typemoon — fate/hollow_ataraxia | TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data. | 2015-11-06 | 10.0 | CVE-2015-5672 CONFIRM JVNDB JVN |
wp-championship_project — wp-championship | Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter. | 2015-11-02 | 7.5 | CVE-2015-5308 MISC MISC |
xen — xen | The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | 2015-10-30 | 7.2 | CVE-2015-7835 MISC CONFIRM |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — ambari | Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call. | 2015-11-02 | 5.5 | CVE-2015-1775 CONFIRM MLIST |
apache — ambari | Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | 2015-11-02 | 6.5 | CVE-2015-3270 CONFIRM MLIST |
apache — ambari | Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. | 2015-11-02 | 5.8 | CVE-2015-5210 CONFIRM MLIST |
arm — mbed_tls | Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. | 2015-11-02 | 6.8 | CVE-2015-5291 CONFIRM MISC MISC FEDORA |
arm — mbed_tls | Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. | 2015-11-02 | 6.8 | CVE-2015-8036 CONFIRM MISC MISC FEDORA |
cisco — mobility_services_engine | Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504. | 2015-11-06 | 6.9 | CVE-2015-4282 CISCO |
cisco — mobility_services_engine | The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account’s hardcoded password in an SSH session, aka Bug ID CSCuv40501. | 2015-11-06 | 6.5 | CVE-2015-6316 CISCO |
cisco — ios | The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. | 2015-10-31 | 5.0 | CVE-2015-6343 CISCO |
cisco — unified_computing_system_(managed) | The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226. | 2015-11-03 | 5.0 | CVE-2015-6355 CISCO |
cisco — socialminer | Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. | 2015-11-03 | 4.3 | CVE-2015-6356 CISCO |
dell — sonicwall_totalsecure_tz_100_firmware | Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. | 2015-11-06 | 5.0 | CVE-2015-7770 JVNDB JVN |
fortinet — fortimanager_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory. | 2015-11-02 | 4.3 | CVE-2015-8037 CONFIRM |
fortinet — fortimanager_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. | 2015-11-02 | 4.3 | CVE-2015-8038 CONFIRM |
google — android | mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074. | 2015-11-03 | 5.0 | CVE-2015-6611 MLIST |
google — android | Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. | 2015-11-03 | 5.1 | CVE-2015-6613 MLIST |
google — android | Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug 21900139. | 2015-11-03 | 5.8 | CVE-2015-6614 MLIST |
google — android | mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611. | 2015-11-03 | 5.0 | CVE-2015-8074 MLIST |
hp — arcsight_smartconnectors | HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate. | 2015-11-03 | 6.8 | CVE-2015-2902 CERT-VN HP |
hp — arcsight_smartconnectors | The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password. | 2015-11-03 | 6.9 | CVE-2015-2903 CERT-VN HP |
hp — arcsight_logger | HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. | 2015-11-03 | 5.0 | CVE-2015-6029 CERT-VN HP |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | 2015-11-03 | 5.5 | CVE-2015-5021 CONFIRM AIXAPAR |
isucon — isucon_5_qualifier_eventapp | eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a “gcloud compute” command. | 2015-11-03 | 6.5 | CVE-2015-5673 CONFIRM CONFIRM JVNDB JVN |
miniupnp_project — miniupnp | Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an “oversized” XML element name. | 2015-11-02 | 6.8 | CVE-2015-6031 CONFIRM CONFIRM UBUNTU UBUNTU DEBIAN MISC |
mozilla — firefox | Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. | 2015-11-05 | 4.3 | CVE-2015-4515 CONFIRM CONFIRM |
mozilla — firefox | The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL. | 2015-11-05 | 4.3 | CVE-2015-4518 CONFIRM CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. | 2015-11-05 | 4.3 | CVE-2015-7185 CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. | 2015-11-05 | 4.3 | CVE-2015-7186 CONFIRM CONFIRM |
mozilla — firefox | The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a “script: false” panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. | 2015-11-05 | 4.3 | CVE-2015-7187 CONFIRM CONFIRM |
mozilla — firefox | Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. | 2015-11-05 | 6.8 | CVE-2015-7189 CONFIRM CONFIRM |
mozilla — firefox | The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. | 2015-11-05 | 5.0 | CVE-2015-7190 CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka “Universal XSS (UXSS).” | 2015-11-05 | 4.3 | CVE-2015-7191 CONFIRM CONFIRM |
mozilla — firefox | The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect. | 2015-11-05 | 5.0 | CVE-2015-7195 CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. | 2015-11-05 | 6.8 | CVE-2015-7196 CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. | 2015-11-05 | 5.0 | CVE-2015-7197 CONFIRM CONFIRM |
oxwall — oxwall | Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance. | 2015-11-02 | 6.8 | CVE-2015-5534 MISC BUGTRAQ MISC |
samsung — smartviewer | Samsung SmartViewer allow remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference. | 2015-11-02 | 6.8 | CVE-2015-8039 MISC MISC |
samsung — smartviewer | The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. | 2015-11-02 | 6.8 | CVE-2015-8040 MISC |
sap — 3d_visual_enterprise_viewer | Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | 2015-10-30 | 6.8 | CVE-2015-8028 MISC MISC |
sap — 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption. | 2015-10-30 | 6.8 | CVE-2015-8029 MISC |
sap — 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka “Out-Of-Bounds Indexing” vulnerabilities. | 2015-10-30 | 6.8 | CVE-2015-8030 MISC MISC MISC MISC |
xen — xen | Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. | 2015-10-30 | 4.7 | CVE-2015-7814 CONFIRM |
xen — xen | Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of “teardowns” of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. | 2015-10-30 | 4.9 | CVE-2015-7969 CONFIRM CONFIRM |
xen — xen | The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a “time-consuming linear scan,” related to Populate-on-Demand. | 2015-10-30 | 4.9 | CVE-2015-7970 CONFIRM |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — ambari | Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. | 2015-11-02 | 3.5 | CVE-2015-3186 CONFIRM MLIST |
cisco — firesight_system_software | Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922. | 2015-10-31 | 3.5 | CVE-2015-6353 CISCO |
cisco — firesight_system_software | Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338. | 2015-10-31 | 3.5 | CVE-2015-6354 CISCO |
html-scrubber_project — html-scrubber | Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment. | 2015-10-31 | 2.6 | CVE-2015-5667 CONFIRM JVNDB JVN |
xen — xen | Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c. | 2015-10-30 | 2.1 | CVE-2015-7813 CONFIRM |
xen — xen | Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. | 2015-10-30 | 2.1 | CVE-2015-7971 CONFIRM |
xen — xen | The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to “heavy memory pressure.” | 2015-10-30 | 2.1 | CVE-2015-7972 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.