Original release date: November 23, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — premiere_clip | The Adobe Premiere Clip app before 1.2.1 for iOS mishandles unspecified input, which has unknown impact and attack vectors. | 2015-11-18 | 10.0 | CVE-2015-8051 CONFIRM |
arista — eos | Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716. | 2015-11-19 | 10.0 | CVE-2015-8236 CONFIRM |
cisco — aironet_access_point_software | Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attackers to cause a denial of service (CPU consumption) by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374. | 2015-11-13 | 7.8 | CVE-2015-6367 CISCO |
cisco — firepower_extensible_operating_system | The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. | 2015-11-18 | 7.2 | CVE-2015-6370 CISCO |
dameware — mini_remote_control | Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. | 2015-11-17 | 7.5 | CVE-2015-8220 CONFIRM MISC |
dracut_project — dracut | modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. | 2015-11-19 | 7.2 | CVE-2015-0794 SUSE MLIST MLIST |
exemys — telemetry_web_server | Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body. | 2015-11-19 | 7.8 | CVE-2015-7910 MISC |
ffmpeg — ffmpeg | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. | 2015-11-16 | 7.5 | CVE-2015-8216 CONFIRM |
ffmpeg — ffmpeg | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. | 2015-11-16 | 7.5 | CVE-2015-8217 CONFIRM |
ffmpeg — ffmpeg | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. | 2015-11-16 | 7.5 | CVE-2015-8219 CONFIRM |
google — picasa | Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow. | 2015-11-17 | 10.0 | CVE-2015-8221 BUGTRAQ MISC MISC |
huawei — espace_firmware | An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows remote attackers to cause a denial of service (out-of-bounds memory access and device restart) via unknown vectors. | 2015-11-19 | 7.8 | CVE-2015-8083 CONFIRM |
ibm — websphere_portal | IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. | 2015-11-13 | 7.8 | CVE-2015-7419 CONFIRM AIXAPAR |
mega-nerd — libsndfile | Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. | 2015-11-17 | 9.3 | CVE-2015-7805 EXPLOIT-DB MLIST MLIST MISC MISC SUSE FEDORA |
oracle — weblogic_server | The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product. | 2015-11-18 | 7.5 | CVE-2015-4852 MISC CONFIRM CONFIRM MLIST MISC |
piwik — piwik | Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. | 2015-11-16 | 7.5 | CVE-2015-7815 CONFIRM BUGTRAQ FULLDISC MISC MISC |
piwik — piwik | The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header. | 2015-11-16 | 7.5 | CVE-2015-7816 CONFIRM BUGTRAQ FULLDISC MISC MISC |
samsung — galaxy_s6 | The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file. | 2015-11-16 | 7.5 | CVE-2015-7897 EXPLOIT-DB MISC MISC MISC |
schneider-electric — imt25_magnetic_flow_dtm | Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HART reply. | 2015-11-14 | 7.7 | CVE-2015-3977 MISC CONFIRM |
sudo_project — sudo | sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by “/home/*/*/file.txt.” | 2015-11-17 | 7.2 | CVE-2015-5602 EXPLOIT-DB CONFIRM FEDORA FEDORA CONFIRM |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — coldfusion | Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue. | 2015-11-18 | 4.3 | CVE-2015-5255 CONFIRM CONFIRM |
adobe — coldfusion | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053. | 2015-11-18 | 4.3 | CVE-2015-8052 CONFIRM |
adobe — coldfusion | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052. | 2015-11-18 | 4.3 | CVE-2015-8053 CONFIRM |
apache — cxf | The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a “wrapping attack.” | 2015-11-18 | 4.0 | CVE-2015-5253 CONFIRM SECTRACK MLIST CONFIRM |
atutor — atutor | Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/. | 2015-11-16 | 6.5 | CVE-2014-9752 BUGTRAQ CONFIRM FULLDISC MISC MISC |
atutor — atutor | Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter. | 2015-11-16 | 6.5 | CVE-2015-7712 BUGTRAQ FULLDISC MISC MISC |
bastian_allgeier — kirby | Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension. | 2015-11-19 | 6.5 | CVE-2015-7773 CONFIRM JVNDB JVN |
blackberry — enterprise_server | The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a “cross frame scripting” issue. | 2015-11-19 | 4.3 | CVE-2015-4112 CONFIRM |
canonical — ubuntu_linux | The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. | 2015-11-17 | 4.6 | CVE-2015-8222 UBUNTU CONFIRM CONFIRM |
cisco — prime_collaboration_assurance | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. | 2015-11-18 | 6.8 | CVE-2015-6330 CISCO |
cisco — firesight_system_software | The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444. | 2015-11-18 | 6.8 | CVE-2015-6357 CISCO |
cisco — videoscape_distribution_suite_service_manager | Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960. | 2015-11-13 | 5.0 | CVE-2015-6364 CISCO |
cisco — ios | Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303. | 2015-11-13 | 4.0 | CVE-2015-6365 CISCO |
cisco — firepower_extensible_operating_system | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. | 2015-11-18 | 5.0 | CVE-2015-6368 CISCO |
cisco — firepower_extensible_operating_system | The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531. | 2015-11-18 | 4.9 | CVE-2015-6369 CISCO |
cisco — firepower_extensible_operating_system | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621. | 2015-11-18 | 4.0 | CVE-2015-6371 CISCO |
cisco — firepower_extensible_operating_system | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614. | 2015-11-18 | 4.3 | CVE-2015-6372 CISCO |
cisco — firepower_extensible_operating_system | Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. | 2015-11-18 | 6.8 | CVE-2015-6373 CISCO |
cisco — firepower_extensible_operating_system | The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604. | 2015-11-18 | 4.3 | CVE-2015-6374 CISCO |
citrix — netscaler_application_delivery_controller_firmware | The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain credentials via the browser cache. | 2015-11-17 | 5.0 | CVE-2015-7996 CONFIRM |
citrix — netscaler_application_delivery_controller_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-11-17 | 4.3 | CVE-2015-7997 CONFIRM |
citrix — netscaler_application_delivery_controller_firmware | The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. | 2015-11-17 | 5.0 | CVE-2015-7998 CONFIRM |
d-link — dir-816l_firmware | Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. | 2015-11-18 | 6.8 | CVE-2015-5999 BUGTRAQ FULLDISC MISC CONFIRM |
ffmpeg — ffmpeg | The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data. | 2015-11-16 | 6.8 | CVE-2015-8218 CONFIRM |
gentoo — libsndfile | The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. | 2015-11-19 | 5.0 | CVE-2014-9756 CONFIRM CONFIRM MLIST MLIST SUSE |
gnome — networkmanager | GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. | 2015-11-17 | 5.0 | CVE-2015-0272 CONFIRM BID CONFIRM |
gnu — gcc | The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | 2015-11-17 | 5.0 | CVE-2015-5276 CONFIRM CONFIRM SUSE |
horde — groupware | Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php. | 2015-11-19 | 6.8 | CVE-2015-7984 MISC DEBIAN MLIST MLIST MLIST |
huawei — espace_firmware | The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets. | 2015-11-19 | 5.0 | CVE-2015-7845 CONFIRM |
huawei — ne_router_software | Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allow remote attackers to send packets to other VPNs and conduct flooding attacks via a crafted MPLS forwarding packet, aka a “VPN routing and forwarding (VRF) hopping vulnerability.” | 2015-11-19 | 5.0 | CVE-2015-8087 CONFIRM |
ibm — datapower_gateway | IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. | 2015-11-13 | 5.0 | CVE-2015-7427 CONFIRM AIXAPAR |
ipsilon_project — ipsilon | providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name. | 2015-11-17 | 4.0 | CVE-2015-5217 CONFIRM CONFIRM CONFIRM MLIST |
ipsilon_project — ipsilon | providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP). | 2015-11-17 | 5.5 | CVE-2015-5301 CONFIRM CONFIRM CONFIRM CONFIRM MLIST |
linux — linux_kernel | The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a “double-chroot attack.” | 2015-11-16 | 6.9 | CVE-2015-2925 CONFIRM CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM |
linux — linux_kernel | drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. | 2015-11-16 | 4.9 | CVE-2015-5257 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
linux — linux_kernel | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | 2015-11-16 | 4.9 | CVE-2015-5307 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
linux — linux_kernel | Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. | 2015-11-16 | 4.4 | CVE-2015-7312 MLIST MLIST |
linux — linux_kernel | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | 2015-11-16 | 4.7 | CVE-2015-8104 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
linux — linux_kernel | net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. | 2015-11-16 | 5.0 | CVE-2015-8215 CONFIRM MISC CONFIRM CONFIRM CONFIRM |
newphoria_corporation — applican | Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID that is encountered by an applican application, a different vulnerability than CVE-2015-7772. | 2015-11-19 | 4.3 | CVE-2015-7771 JVNDB JVN CONFIRM |
newphoria_corporation — applican | Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers WebView anchor attachment in an applican application, a different vulnerability than CVE-2015-7771. | 2015-11-19 | 4.3 | CVE-2015-7772 JVNDB JVN CONFIRM |
open-xchange — ox_guard | Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not properly handled in “Guard PGP Settings.” | 2015-11-19 | 4.3 | CVE-2015-7385 CONFIRM MISC |
pc-egg — pwebmanager | PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | 2015-11-13 | 6.5 | CVE-2015-7774 CONFIRM JVNDB JVN |
powerdns — authoritative | PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. | 2015-11-17 | 5.0 | CVE-2015-5311 CONFIRM SECTRACK MLIST |
strongswan — strongswan | The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. | 2015-11-18 | 5.0 | CVE-2015-8023 CONFIRM UBUNTU DEBIAN |
tibco — loglogic_unity | The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request. | 2015-11-18 | 4.0 | CVE-2015-8090 CONFIRM CONFIRM |
uc_profile_project — uc_profile | The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors. | 2015-11-17 | 4.3 | CVE-2015-8232 MISC CONFIRM |
wireshark — wireshark | The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. | 2015-11-14 | 4.3 | CVE-2015-7830 CONFIRM CONFIRM CONFIRM |
xen — xen | The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptable hypercall to the multicall interface. | 2015-11-17 | 4.9 | CVE-2015-7812 CONFIRM SECTRACK |
xmlsoft — libxml2 | libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. | 2015-11-18 | 4.3 | CVE-2015-7941 CONFIRM CONFIRM CONFIRM UBUNTU MLIST MLIST |
xmlsoft — libxml2 | The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. | 2015-11-18 | 6.8 | CVE-2015-7942 CONFIRM CONFIRM UBUNTU MLIST MLIST |
xmlsoft — libxslt | The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a “type confusion” issue. | 2015-11-17 | 5.0 | CVE-2015-7995 CONFIRM CONFIRM BID MLIST MLIST |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — apple_remote_desktop | The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. | 2015-11-13 | 3.7 | CVE-2013-5229 JVNDB JVN CONFIRM |
emc — vplex_geosynchrony | The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. | 2015-11-18 | 2.1 | CVE-2015-6847 BUGTRAQ |
ibm — tivoli_storage_flashcopy_manager | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output. | 2015-11-13 | 1.9 | CVE-2015-7404 CONFIRM AIXAPAR |
linux — linux_kernel | The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. | 2015-11-16 | 2.1 | CVE-2015-7872 CONFIRM CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
mayo_project — mayo | Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the “Administer themes” permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings. | 2015-11-17 | 2.6 | CVE-2015-8233 MISC CONFIRM CONFIRM |
networkmanager_project — networkmanager | The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922. | 2015-11-16 | 3.3 | CVE-2015-2924 MLIST |
xmlsoft — libxml2 | The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. | 2015-11-18 | 2.6 | CVE-2015-8035 CONFIRM UBUNTU MLIST MLIST MLIST |