SB15-355: Vulnerability Summary for the Week of December 14, 2015

Original release date: December 21, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
accunetix — web_vulnerability_scanner The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan. 2015-12-17 7.2 CVE-2015-4027
EXPLOIT-DB
CONFIRM
MISC
apache — commons_collections Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching – Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2015-12-15 7.5 CVE-2015-6420
CISCO
apache — tomee The EjbObjectInputStream class in Apache TomEE allows remote attackers to execute arbitrary commands via a serialized Java stream. 2015-12-16 7.5 CVE-2015-8581
MISC
BID
bitrix — mpbuilder Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the “work” array parameter to admin/bitrix.mpbuilder_step2.php. 2015-12-16 9.0 CVE-2015-8358
MISC
CONFIRM
BUGTRAQ
MISC
cacti — cacti SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. 2015-12-17 7.5 CVE-2015-8369
FULLDISC
MISC
cisco — prime_collaboration_assurance Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account’s password, aka Bug ID CSCus62707. 2015-12-12 9.0 CVE-2015-6389
CISCO

cisco — epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941. 2015-12-13 7.5 CVE-2015-6401
CISCO
cisco — spa300_firmware The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. 2015-12-15 7.2 CVE-2015-6403
CISCO
cisco — unified_computing_system Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. 2015-12-12 7.1 CVE-2015-6415
CISCO
cisco — application_policy_infrastructure_controller The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. 2015-12-18 7.2 CVE-2015-6424
CISCO
cisco — prime_network_services_controller Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427. 2015-12-18 7.2 CVE-2015-6426
CISCO
cool_video_gallery_project — cool_video_gallery lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the “Width of preview image” and possibly other input fields in the “Video Gallery Settings” page. 2015-12-17 7.5 CVE-2015-7527
MISC
MISC
MISC
BUGTRAQ
MLIST
MISC
gnu — glibc The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. 2015-12-17 7.2 CVE-2015-5277
MLIST
CONFIRM
CONFIRM
SECTRACK
REDHAT
google — chrome The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage “type confusion.” 2015-12-14 10.0 CVE-2015-6788
CONFIRM
CONFIRM
CONFIRM
google — chrome Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion. 2015-12-14 9.3 CVE-2015-6789
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-12-14 10.0 CVE-2015-6791
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. 2015-12-14 10.0 CVE-2015-8548
CONFIRM
isc — bind Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. 2015-12-16 7.1 CVE-2015-8461
CONFIRM
joomla — joomla! Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. 2015-12-16 7.5 CVE-2015-8562
CONFIRM
MISC
BID
joomla — joomla! Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. 2015-12-16 7.5 CVE-2015-8564
CONFIRM
joomla — joomla! Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. 2015-12-16 7.5 CVE-2015-8565
CONFIRM
joomla — session The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. 2015-12-16 7.5 CVE-2015-8566
CONFIRM
BID
lepide — active_directory_self_service The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. 2015-12-15 7.4 CVE-2015-8570
MISC
linuxfoundation — cups-filters Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. 2015-12-17 7.5 CVE-2015-8327
MLIST
MLIST
CONFIRM
UBUNTU
UBUNTU
DEBIAN
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-12-16 10.0 CVE-2015-7201
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-12-16 10.0 CVE-2015-7202
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. 2015-12-16 10.0 CVE-2015-7203
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. 2015-12-16 10.0 CVE-2015-7205
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. 2015-12-16 7.5 CVE-2015-7210
CONFIRM
CONFIRM
mozilla — firefox Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. 2015-12-16 7.5 CVE-2015-7212
CONFIRM
CONFIRM
mozilla — firefox Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. 2015-12-16 10.0 CVE-2015-7220
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. 2015-12-16 10.0 CVE-2015-7221
CONFIRM
CONFIRM
CONFIRM
sap — mobile_platform The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. 2015-12-17 7.5 CVE-2015-8600
MISC
MISC
xen — xen Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. 2015-12-17 7.2 CVE-2015-8338
CONFIRM
xen — xen The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. 2015-12-17 7.8 CVE-2015-8341
CONFIRM
xmlsoft — libxml2 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. 2015-12-15 7.1 CVE-2015-5312
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — cordova_file_transfer CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. 2015-12-17 4.3 CVE-2015-5204
CONFIRM
BID
autodesk — design_review Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. 2015-12-15 6.8 CVE-2015-8571
CONFIRM
MISC
autodesk — design_review Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. 2015-12-15 6.8 CVE-2015-8572
CONFIRM
MISC
MISC
MISC
MISC
MISC
avg — internet_security AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. 2015-12-16 6.4 CVE-2015-8578
MISC
MISC
MISC
bitrix — xscan Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php. 2015-12-16 6.5 CVE-2015-8357
MISC
CONFIRM
BUGTRAQ
MISC
cacti — cacti SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. 2015-12-15 6.5 CVE-2015-8377
FULLDISC
chat_room_project — chat_room The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. 2015-12-17 5.0 CVE-2015-8601
MISC
CONFIRM
cisco — unified_communications_manager Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. 2015-12-15 4.3 CVE-2015-4206
CISCO
cisco — ios The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. 2015-12-15 6.1 CVE-2015-6359
CISCO
cisco — dpc3939_wireless_residential_voice_gateway_firmware The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170. 2015-12-12 6.5 CVE-2015-6361
CISCO

cisco — dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. 2015-12-13 6.8 CVE-2015-6378
CISCO
cisco — prime_service_catalog Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. 2015-12-12 6.5 CVE-2015-6395
CISCO
cisco — integrated_management_controller_supervisor The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. 2015-12-15 6.8 CVE-2015-6399
CISCO
cisco — emergency_responder Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. 2015-12-12 4.3 CVE-2015-6400
CISCO

cisco — epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935. 2015-12-13 4.3 CVE-2015-6402
CISCO
cisco — hosted_collaboration_solution Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. 2015-12-15 4.0 CVE-2015-6404
CISCO
cisco — emergency_responder Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. 2015-12-12 6.8 CVE-2015-6405
CISCO
cisco — emergency_responder Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. 2015-12-12 4.0 CVE-2015-6406
CISCO
cisco — emergency_responder Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. 2015-12-12 4.0 CVE-2015-6407
CISCO
cisco — unity_connection Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. 2015-12-12 6.8 CVE-2015-6408
CISCO
cisco — telepresence_video_communication_server_software The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283. 2015-12-13 4.0 CVE-2015-6410
CISCO
cisco — firepower_management_center Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. 2015-12-15 5.0 CVE-2015-6411
CISCO
cisco — telepresence_video_communication_server_software Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. 2015-12-12 4.0 CVE-2015-6413
CISCO
cisco — unified_web_and_e-mail_interaction_manager Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. 2015-12-13 4.3 CVE-2015-6416
CISCO
cisco — videoscape_distribution_suite_service_manager Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. 2015-12-12 6.5 CVE-2015-6417
CISCO
cisco — rv016_multi-wan_vpn_firmware The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. 2015-12-12 4.3 CVE-2015-6418
CISCO
cisco — firesight_system_software Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. 2015-12-12 6.8 CVE-2015-6419
CISCO
cisco — unified_communications_domain_manager The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. 2015-12-13 4.0 CVE-2015-6422
CISCO
cisco — unified_communications_manager The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. 2015-12-16 5.0 CVE-2015-6425
CISCO
cisco — firesight_system_software Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. 2015-12-18 5.0 CVE-2015-6427
CISCO

cisco — dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. 2015-12-18 5.0 CVE-2015-6428
CISCO
foxitsoftware — phantompdf Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. 2015-12-16 6.8 CVE-2015-8580
CONFIRM
MISC
MISC
gnu — grub2 Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an “Off-by-two” or “Out of bounds overwrite” memory error. 2015-12-16 6.9 CVE-2015-8370
BUGTRAQ
MLIST
FEDORA
MISC
google — chrome The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. 2015-12-14 4.3 CVE-2015-6790
CONFIRM
CONFIRM
CONFIRM
ibm — websphere_application_server The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. 2015-12-15 4.0 CVE-2015-5004
CONFIRM
AIXAPAR
isc — bind db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. 2015-12-16 5.0 CVE-2015-8000
CONFIRM
joomla — joomla! Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2015-12-16 6.8 CVE-2015-8563
CONFIRM
BID
kaspersky — total_security_2015 Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. 2015-12-16 6.4 CVE-2015-8579
MISC
MISC
mozilla — firefox Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. 2015-12-16 6.8 CVE-2015-7204
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. 2015-12-16 5.0 CVE-2015-7207
MISC
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. 2015-12-16 5.0 CVE-2015-7208
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. 2015-12-16 5.0 CVE-2015-7211
CONFIRM
CONFIRM
mozilla — firefox Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. 2015-12-16 6.8 CVE-2015-7213
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. 2015-12-16 5.0 CVE-2015-7214
CONFIRM
CONFIRM
mozilla — firefox The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. 2015-12-16 5.0 CVE-2015-7215
MISC
MISC
MISC
CONFIRM
CONFIRM
mozilla — firefox The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. 2015-12-16 6.8 CVE-2015-7216
CONFIRM
CONFIRM
mozilla — firefox The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. 2015-12-16 4.3 CVE-2015-7217
CONFIRM
CONFIRM
mozilla — firefox The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. 2015-12-16 5.0 CVE-2015-7218
CONFIRM
CONFIRM
mozilla — firefox The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. 2015-12-16 5.0 CVE-2015-7219
CONFIRM
CONFIRM
mozilla — firefox Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. 2015-12-16 6.8 CVE-2015-7222
CONFIRM
CONFIRM
mozilla — firefox The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. 2015-12-16 4.0 CVE-2015-7223
CONFIRM
CONFIRM
ntop — ntopng ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. 2015-12-17 6.0 CVE-2015-8368
EXPLOIT-DB
FULLDISC
MISC
php — php The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. 2015-12-11 6.8 CVE-2015-7803
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
CONFIRM
php — php Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. 2015-12-11 6.8 CVE-2015-7804
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
CONFIRM
phpmailer_project — phpmailer Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796. 2015-12-16 5.0 CVE-2015-8476
CONFIRM
CONFIRM
BID
MLIST
MLIST
DEBIAN
schneider-electric — proclima Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. 2015-12-15 6.8 CVE-2015-7918
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
schneider-electric — proclima The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. 2015-12-15 6.8 CVE-2015-8561
MISC
MISC
MISC
MISC
MISC
CONFIRM
synnefoims — internet_management_software Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter to packagehistory/listusagesdata. 2015-12-15 4.3 CVE-2015-8247
BUGTRAQ
FULLDISC
theforeman — foreman Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. 2015-12-17 4.3 CVE-2015-7518
MLIST
CONFIRM
CONFIRM
xen — xen The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. 2015-12-17 4.7 CVE-2015-8339
CONFIRM
CONFIRM
xen — xen The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. 2015-12-17 4.7 CVE-2015-8340
CONFIRM
CONFIRM
xmlsoft — libxml2 Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. 2015-12-15 5.0 CVE-2015-7497
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
xmlsoft — libxml2 Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. 2015-12-15 5.0 CVE-2015-7498
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
xmlsoft — libxml2 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. 2015-12-15 5.0 CVE-2015-7499
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
xmlsoft — libxml2 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. 2015-12-15 5.0 CVE-2015-7500
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
xmlsoft — libxml2 The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. 2015-12-15 6.4 CVE-2015-8241
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
REDHAT
REDHAT
xmlsoft — libxml2 The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. 2015-12-15 5.8 CVE-2015-8242
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
REDHAT
REDHAT
xmlsoft — libxml2 The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. 2015-12-15 5.0 CVE-2015-8317
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
UBUNTU
MLIST
MLIST
REDHAT


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — iphone_os CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. 2015-12-11 2.6 CVE-2015-7094
CONFIRM
CONFIRM
APPLE
APPLE
cisco — telepresence_video_communication_server_software Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers’ installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516. 2015-12-12 2.1 CVE-2015-6414
CISCO
mcafee — virusscan_enterprise The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. 2015-12-16 2.6 CVE-2015-8577
CONFIRM
MISC
MISC
redhat — jboss_enterprise_application_platform Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. 2015-12-16 3.5 CVE-2015-5304
CONFIRM
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
symantec — endpoint_encryption EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. 2015-12-18 2.3 CVE-2015-6556
CONFIRM
BID
token_insert_entity_project — token_insert_entity The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node. 2015-12-17 3.5 CVE-2015-8602
MISC
CONFIRM



This product is provided subject to this Notification and this Privacy & Use policy.