Original release date: December 21, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accunetix — web_vulnerability_scanner | The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan. | 2015-12-17 | 7.2 | CVE-2015-4027 EXPLOIT-DB CONFIRM MISC |
apache — commons_collections | Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching – Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2015-12-15 | 7.5 | CVE-2015-6420 CISCO |
apache — tomee | The EjbObjectInputStream class in Apache TomEE allows remote attackers to execute arbitrary commands via a serialized Java stream. | 2015-12-16 | 7.5 | CVE-2015-8581 MISC BID |
bitrix — mpbuilder | Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the “work” array parameter to admin/bitrix.mpbuilder_step2.php. | 2015-12-16 | 9.0 | CVE-2015-8358 MISC CONFIRM BUGTRAQ MISC |
cacti — cacti | SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | 2015-12-17 | 7.5 | CVE-2015-8369 FULLDISC MISC |
cisco — prime_collaboration_assurance | Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account’s password, aka Bug ID CSCus62707. | 2015-12-12 | 9.0 | CVE-2015-6389 CISCO |
cisco — epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941. | 2015-12-13 | 7.5 | CVE-2015-6401 CISCO |
cisco — spa300_firmware | The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. | 2015-12-15 | 7.2 | CVE-2015-6403 CISCO |
cisco — unified_computing_system | Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. | 2015-12-12 | 7.1 | CVE-2015-6415 CISCO |
cisco — application_policy_infrastructure_controller | The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. | 2015-12-18 | 7.2 | CVE-2015-6424 CISCO |
cisco — prime_network_services_controller | Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427. | 2015-12-18 | 7.2 | CVE-2015-6426 CISCO |
cool_video_gallery_project — cool_video_gallery | lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the “Width of preview image” and possibly other input fields in the “Video Gallery Settings” page. | 2015-12-17 | 7.5 | CVE-2015-7527 MISC MISC MISC BUGTRAQ MLIST MISC |
gnu — glibc | The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. | 2015-12-17 | 7.2 | CVE-2015-5277 MLIST CONFIRM CONFIRM SECTRACK REDHAT |
google — chrome | The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage “type confusion.” | 2015-12-14 | 10.0 | CVE-2015-6788 CONFIRM CONFIRM CONFIRM |
google — chrome | Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion. | 2015-12-14 | 9.3 | CVE-2015-6789 CONFIRM CONFIRM CONFIRM |
google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-12-14 | 10.0 | CVE-2015-6791 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
google — chrome | Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. | 2015-12-14 | 10.0 | CVE-2015-8548 CONFIRM |
isc — bind | Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. | 2015-12-16 | 7.1 | CVE-2015-8461 CONFIRM |
joomla — joomla! | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | 2015-12-16 | 7.5 | CVE-2015-8562 CONFIRM MISC BID |
joomla — joomla! | Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | 2015-12-16 | 7.5 | CVE-2015-8564 CONFIRM |
joomla — joomla! | Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | 2015-12-16 | 7.5 | CVE-2015-8565 CONFIRM |
joomla — session | The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. | 2015-12-16 | 7.5 | CVE-2015-8566 CONFIRM BID |
lepide — active_directory_self_service | The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | 2015-12-15 | 7.4 | CVE-2015-8570 MISC |
linuxfoundation — cups-filters | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | 2015-12-17 | 7.5 | CVE-2015-8327 MLIST MLIST CONFIRM UBUNTU UBUNTU DEBIAN CONFIRM CONFIRM |
mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-12-16 | 10.0 | CVE-2015-7201 CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-12-16 | 10.0 | CVE-2015-7202 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla — firefox | Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | 2015-12-16 | 10.0 | CVE-2015-7203 CONFIRM CONFIRM CONFIRM |
mozilla — firefox | Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. | 2015-12-16 | 10.0 | CVE-2015-7205 CONFIRM CONFIRM |
mozilla — firefox | Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. | 2015-12-16 | 7.5 | CVE-2015-7210 CONFIRM CONFIRM |
mozilla — firefox | Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. | 2015-12-16 | 7.5 | CVE-2015-7212 CONFIRM CONFIRM |
mozilla — firefox | Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | 2015-12-16 | 10.0 | CVE-2015-7220 CONFIRM CONFIRM CONFIRM |
mozilla — firefox | Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. | 2015-12-16 | 10.0 | CVE-2015-7221 CONFIRM CONFIRM CONFIRM |
sap — mobile_platform | The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. | 2015-12-17 | 7.5 | CVE-2015-8600 MISC MISC |
xen — xen | Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. | 2015-12-17 | 7.2 | CVE-2015-8338 CONFIRM |
xen — xen | The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. | 2015-12-17 | 7.8 | CVE-2015-8341 CONFIRM |
xmlsoft — libxml2 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | 2015-12-15 | 7.1 | CVE-2015-5312 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — cordova_file_transfer | CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. | 2015-12-17 | 4.3 | CVE-2015-5204 CONFIRM BID |
autodesk — design_review | Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. | 2015-12-15 | 6.8 | CVE-2015-8571 CONFIRM MISC |
autodesk — design_review | Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. | 2015-12-15 | 6.8 | CVE-2015-8572 CONFIRM MISC MISC MISC MISC MISC |
avg — internet_security | AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 2015-12-16 | 6.4 | CVE-2015-8578 MISC MISC MISC |
bitrix — xscan | Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php. | 2015-12-16 | 6.5 | CVE-2015-8357 MISC CONFIRM BUGTRAQ MISC |
cacti — cacti | SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | 2015-12-15 | 6.5 | CVE-2015-8377 FULLDISC |
chat_room_project — chat_room | The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. | 2015-12-17 | 5.0 | CVE-2015-8601 MISC CONFIRM |
cisco — unified_communications_manager | Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | 2015-12-15 | 4.3 | CVE-2015-4206 CISCO |
cisco — ios | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. | 2015-12-15 | 6.1 | CVE-2015-6359 CISCO |
cisco — dpc3939_wireless_residential_voice_gateway_firmware | The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170. | 2015-12-12 | 6.5 | CVE-2015-6361 CISCO |
cisco — dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. | 2015-12-13 | 6.8 | CVE-2015-6378 CISCO |
cisco — prime_service_catalog | Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. | 2015-12-12 | 6.5 | CVE-2015-6395 CISCO |
cisco — integrated_management_controller_supervisor | The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. | 2015-12-15 | 6.8 | CVE-2015-6399 CISCO |
cisco — emergency_responder | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. | 2015-12-12 | 4.3 | CVE-2015-6400 CISCO |
cisco — epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935. | 2015-12-13 | 4.3 | CVE-2015-6402 CISCO |
cisco — hosted_collaboration_solution | Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. | 2015-12-15 | 4.0 | CVE-2015-6404 CISCO |
cisco — emergency_responder | Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. | 2015-12-12 | 6.8 | CVE-2015-6405 CISCO |
cisco — emergency_responder | Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. | 2015-12-12 | 4.0 | CVE-2015-6406 CISCO |
cisco — emergency_responder | Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. | 2015-12-12 | 4.0 | CVE-2015-6407 CISCO |
cisco — unity_connection | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | 2015-12-12 | 6.8 | CVE-2015-6408 CISCO |
cisco — telepresence_video_communication_server_software | The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283. | 2015-12-13 | 4.0 | CVE-2015-6410 CISCO |
cisco — firepower_management_center | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | 2015-12-15 | 5.0 | CVE-2015-6411 CISCO |
cisco — telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. | 2015-12-12 | 4.0 | CVE-2015-6413 CISCO |
cisco — unified_web_and_e-mail_interaction_manager | Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. | 2015-12-13 | 4.3 | CVE-2015-6416 CISCO |
cisco — videoscape_distribution_suite_service_manager | Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. | 2015-12-12 | 6.5 | CVE-2015-6417 CISCO |
cisco — rv016_multi-wan_vpn_firmware | The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. | 2015-12-12 | 4.3 | CVE-2015-6418 CISCO |
cisco — firesight_system_software | Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. | 2015-12-12 | 6.8 | CVE-2015-6419 CISCO |
cisco — unified_communications_domain_manager | The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. | 2015-12-13 | 4.0 | CVE-2015-6422 CISCO |
cisco — unified_communications_manager | The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | 2015-12-16 | 5.0 | CVE-2015-6425 CISCO |
cisco — firesight_system_software | Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. | 2015-12-18 | 5.0 | CVE-2015-6427 CISCO |
cisco — dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | 2015-12-18 | 5.0 | CVE-2015-6428 CISCO |
foxitsoftware — phantompdf | Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. | 2015-12-16 | 6.8 | CVE-2015-8580 CONFIRM MISC MISC |
gnu — grub2 | Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an “Off-by-two” or “Out of bounds overwrite” memory error. | 2015-12-16 | 6.9 | CVE-2015-8370 BUGTRAQ MLIST FEDORA MISC |
google — chrome | The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. | 2015-12-14 | 4.3 | CVE-2015-6790 CONFIRM CONFIRM CONFIRM |
ibm — websphere_application_server | The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2015-12-15 | 4.0 | CVE-2015-5004 CONFIRM AIXAPAR |
isc — bind | db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. | 2015-12-16 | 5.0 | CVE-2015-8000 CONFIRM |
joomla — joomla! | Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-12-16 | 6.8 | CVE-2015-8563 CONFIRM BID |
kaspersky — total_security_2015 | Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 2015-12-16 | 6.4 | CVE-2015-8579 MISC MISC |
mozilla — firefox | Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | 2015-12-16 | 6.8 | CVE-2015-7204 CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. | 2015-12-16 | 5.0 | CVE-2015-7207 MISC CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | 2015-12-16 | 5.0 | CVE-2015-7208 CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. | 2015-12-16 | 5.0 | CVE-2015-7211 CONFIRM CONFIRM |
mozilla — firefox | Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. | 2015-12-16 | 6.8 | CVE-2015-7213 CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. | 2015-12-16 | 5.0 | CVE-2015-7214 CONFIRM CONFIRM |
mozilla — firefox | The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. | 2015-12-16 | 5.0 | CVE-2015-7215 MISC MISC MISC CONFIRM CONFIRM |
mozilla — firefox | The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. | 2015-12-16 | 6.8 | CVE-2015-7216 CONFIRM CONFIRM |
mozilla — firefox | The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | 2015-12-16 | 4.3 | CVE-2015-7217 CONFIRM CONFIRM |
mozilla — firefox | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. | 2015-12-16 | 5.0 | CVE-2015-7218 CONFIRM CONFIRM |
mozilla — firefox | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. | 2015-12-16 | 5.0 | CVE-2015-7219 CONFIRM CONFIRM |
mozilla — firefox | Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. | 2015-12-16 | 6.8 | CVE-2015-7222 CONFIRM CONFIRM |
mozilla — firefox | The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. | 2015-12-16 | 4.0 | CVE-2015-7223 CONFIRM CONFIRM |
ntop — ntopng | ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. | 2015-12-17 | 6.0 | CVE-2015-8368 EXPLOIT-DB FULLDISC MISC |
php — php | The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. | 2015-12-11 | 6.8 | CVE-2015-7803 CONFIRM CONFIRM CONFIRM MLIST APPLE CONFIRM |
php — php | Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. | 2015-12-11 | 6.8 | CVE-2015-7804 CONFIRM CONFIRM CONFIRM MLIST APPLE CONFIRM |
phpmailer_project — phpmailer | Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796. | 2015-12-16 | 5.0 | CVE-2015-8476 CONFIRM CONFIRM BID MLIST MLIST DEBIAN |
schneider-electric — proclima | Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. | 2015-12-15 | 6.8 | CVE-2015-7918 MISC MISC MISC MISC MISC MISC MISC MISC CONFIRM |
schneider-electric — proclima | The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. | 2015-12-15 | 6.8 | CVE-2015-8561 MISC MISC MISC MISC MISC CONFIRM |
synnefoims — internet_management_software | Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter to packagehistory/listusagesdata. | 2015-12-15 | 4.3 | CVE-2015-8247 BUGTRAQ FULLDISC |
theforeman — foreman | Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. | 2015-12-17 | 4.3 | CVE-2015-7518 MLIST CONFIRM CONFIRM |
xen — xen | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. | 2015-12-17 | 4.7 | CVE-2015-8339 CONFIRM CONFIRM |
xen — xen | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. | 2015-12-17 | 4.7 | CVE-2015-8340 CONFIRM CONFIRM |
xmlsoft — libxml2 | Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. | 2015-12-15 | 5.0 | CVE-2015-7497 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT |
xmlsoft — libxml2 | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. | 2015-12-15 | 5.0 | CVE-2015-7498 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT |
xmlsoft — libxml2 | Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | 2015-12-15 | 5.0 | CVE-2015-7499 CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT |
xmlsoft — libxml2 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | 2015-12-15 | 5.0 | CVE-2015-7500 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT |
xmlsoft — libxml2 | The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | 2015-12-15 | 6.4 | CVE-2015-8241 CONFIRM CONFIRM CONFIRM UBUNTU MLIST MLIST REDHAT REDHAT |
xmlsoft — libxml2 | The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | 2015-12-15 | 5.8 | CVE-2015-8242 CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU MLIST MLIST REDHAT REDHAT |
xmlsoft — libxml2 | The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | 2015-12-15 | 5.0 | CVE-2015-8317 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC UBUNTU MLIST MLIST REDHAT |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — iphone_os | CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. | 2015-12-11 | 2.6 | CVE-2015-7094 CONFIRM CONFIRM APPLE APPLE |
cisco — telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers’ installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516. | 2015-12-12 | 2.1 | CVE-2015-6414 CISCO |
mcafee — virusscan_enterprise | The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 2015-12-16 | 2.6 | CVE-2015-8577 CONFIRM MISC MISC |
redhat — jboss_enterprise_application_platform | Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | 2015-12-16 | 3.5 | CVE-2015-5304 CONFIRM SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT |
symantec — endpoint_encryption | EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | 2015-12-18 | 2.3 | CVE-2015-6556 CONFIRM BID |
token_insert_entity_project — token_insert_entity | The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node. | 2015-12-17 | 3.5 | CVE-2015-8602 MISC CONFIRM |