SB15-306: Vulnerability Summary for the Week of October 26, 2015

"US-CERT" <US-CERT@xxxxxxxxxxxxxxxx> · Mon, 02 Nov 2015 06:49:07 -0600

Title:     SB15-306: Vulnerability Summary for the Week of October 26, 2015

  National Cyber Awareness System:

SB15-306: Vulnerability Summary for the Week of October 26, 2015
11/02/2015 06:56 AM EST

Original release date: November 02, 2015 

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info

adobe -- shockwave_player
Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
2015-10-28
10.0
CVE-2015-7649
CONFIRM

apple -- mac_os_x
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
2015-10-23
7.2
CVE-2015-5932
CONFIRM
APPLE

apple -- mac_os_x
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.
2015-10-23
7.2
CVE-2015-5945
CONFIRM
APPLE

apple -- iphone_os
IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2015-10-23
9.3
CVE-2015-6974
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
2015-10-23
8.8
CVE-2015-6983
CONFIRM
CONFIRM
APPLE
APPLE

apple -- mac_os_x
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
2015-10-23
8.8
CVE-2015-6984
CONFIRM
APPLE

apple -- iphone_os
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
2015-10-23
10.0
CVE-2015-6988
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
2015-10-23
7.1
CVE-2015-6994
CONFIRM
CONFIRM
APPLE
APPLE

apple -- mac_os_x
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
2015-10-23
7.5
CVE-2015-7007
CONFIRM
APPLE

apple -- mac_os_x
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
2015-10-23
7.6
CVE-2015-7016
CONFIRM
APPLE

apple -- mac_os_x
The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.
2015-10-23
7.2
CVE-2015-7021
CONFIRM
APPLE

cisco -- adaptive_security_appliance_software
The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug IDs CSCus56252 and CSCus57142.
2015-10-24
7.1
CVE-2015-6324
CISCO

cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.4), 9.2 before 9.2(4), 9.3 before 9.3(3.1), and 9.4 before 9.4(1.1) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug ID CSCut03495.
2015-10-24
7.1
CVE-2015-6325
CISCO

cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug ID CSCuu07799.
2015-10-24
7.8
CVE-2015-6326
CISCO

cisco -- adaptive_security_appliance_software
The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of service (device reload) via crafted ISAKMP UDP packets, aka Bug ID CSCus94026.
2015-10-24
7.8
CVE-2015-6327
CISCO

cisco -- firesight_system_software
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.
2015-10-24
9.0
CVE-2015-6335
CISCO

fedoraproject -- 389_directory_server
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
2015-10-29
7.5
CVE-2015-3230
CONFIRM
CONFIRM
CONFIRM
FEDORA

ibm -- general_parallel_file_system
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.
2015-10-25
7.2
CVE-2015-4974
CONFIRM

ibm -- domino
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040.
2015-10-29
7.5
CVE-2015-4994
CONFIRM

ibm -- cognos_disclosure_management
IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation.
2015-10-25
9.3
CVE-2015-5014
CONFIRM

ibm -- domino
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994.
2015-10-29
7.5
CVE-2015-5040
CONFIRM

ininet_solutions -- scada_web_server
Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request.
2015-10-24
10.0
CVE-2015-1001
MISC

janitza -- umg_508
The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21.
2015-10-28
7.5
CVE-2015-3968
MISC

janitza -- umg_508
The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.
2015-10-28
7.5
CVE-2015-3971
MISC

janitza -- umg_508
The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.
2015-10-28
10.0
CVE-2015-3972
MISC

joomla -- joomla!
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
2015-10-29
7.5
CVE-2015-7297
MISC
SECTRACK
CONFIRM

joomla -- joomla!
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
2015-10-29
7.5
CVE-2015-7857
MISC
SECTRACK
CONFIRM

joomla -- joomla!
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
2015-10-29
7.5
CVE-2015-7858
MISC
SECTRACK
CONFIRM

medicomp -- medcin_engine
The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190.
2015-10-29
7.5
CVE-2015-6006
CERT-VN
MISC

owncloud -- owncloud
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
2015-10-26
7.5
CVE-2015-6500
MISC
CONFIRM

owncloud -- owncloud
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
2015-10-26
9.0
CVE-2015-7699
CONFIRM
CONFIRM
DEBIAN

rockwellautomation -- micrologix_1100_firmware
Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors.
2015-10-28
10.0
CVE-2015-6490
MISC

rockwellautomation -- micrologix_1100_firmware
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.
2015-10-28
7.8
CVE-2015-6492
MISC

sap -- hana
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.
2015-10-27
7.5
CVE-2015-7986
MISC
MISC

techno_project_japan -- enisys_gw
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2015-10-29
7.5
CVE-2015-5668
CONFIRM
JVNDB
JVN

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info

3s-smart_software_solutions -- codesys_gateway_server
3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request.
2015-10-24
5.0
CVE-2015-6484
MISC

afnetworking_project -- afnetworking
The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2015-10-27
4.3
CVE-2015-3996
CONFIRM
CONFIRM
CONFIRM
BID

apache -- httpclient
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
2015-10-27
4.3
CVE-2015-5262
CONFIRM
CONFIRM
UBUNTU
SECTRACK
CONFIRM
FEDORA
FEDORA
FEDORA

apple -- iphone_os
The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
2015-10-23
6.8
CVE-2015-5924
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.
2015-10-23
6.8
CVE-2015-5925
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.
2015-10-23
6.8
CVE-2015-5926
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.
2015-10-23
6.8
CVE-2015-5927
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- itunes
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
2015-10-23
6.8
CVE-2015-5928
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- itunes
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
2015-10-23
6.8
CVE-2015-5929
APPLE
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE

apple -- itunes
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
2015-10-23
6.8
CVE-2015-5930
APPLE
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE

apple -- itunes
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
2015-10-23
6.8
CVE-2015-5931
CONFIRM
CONFIRM
APPLE
APPLE

apple -- mac_os_x
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934.
2015-10-23
6.8
CVE-2015-5933
CONFIRM
APPLE

apple -- mac_os_x
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933.
2015-10-23
6.8
CVE-2015-5934
CONFIRM
APPLE

apple -- iphone_os
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.
2015-10-23
6.8
CVE-2015-5935
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.
2015-10-23
6.8
CVE-2015-5936
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939.
2015-10-23
6.8
CVE-2015-5937
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- mac_os_x
ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image.
2015-10-23
6.8
CVE-2015-5938
CONFIRM
APPLE

apple -- iphone_os
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937.
2015-10-23
6.8
CVE-2015-5939
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
2015-10-23
6.8
CVE-2015-5940
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.
2015-10-23
6.8
CVE-2015-5942
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- mac_os_x
SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app.
2015-10-23
4.3
CVE-2015-5943
CONFIRM
APPLE

apple -- mac_os_x
CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
2015-10-23
6.8
CVE-2015-5944
CONFIRM
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
2015-10-23
6.8
CVE-2015-6976
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
2015-10-23
6.8
CVE-2015-6977
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
2015-10-23
6.8
CVE-2015-6978
CONFIRM
CONFIRM
APPLE
APPLE

apple -- mac_os_x
Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page.
2015-10-23
6.8
CVE-2015-6985
CONFIRM
APPLE

apple -- iphone_os
Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls.
2015-10-23
6.8
CVE-2015-6989
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
2015-10-23
6.8
CVE-2015-6990
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
2015-10-23
6.8
CVE-2015-6991
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
2015-10-23
6.8
CVE-2015-6993
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
2015-10-23
6.8
CVE-2015-6995
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
2015-10-23
6.8
CVE-2015-6996
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- itunes
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
2015-10-23
6.8
CVE-2015-7002
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- mac_os_x
coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app.
2015-10-23
6.8
CVE-2015-7003
CONFIRM
APPLE

apple -- iphone_os
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
2015-10-23
6.8
CVE-2015-7006
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
2015-10-23
6.8
CVE-2015-7008
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7010, and CVE-2015-7018.
2015-10-23
6.8
CVE-2015-7009
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7018.
2015-10-23
6.8
CVE-2015-7010
CONFIRM
CONFIRM
APPLE
APPLE

apple -- itunes
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
2015-10-23
6.8
CVE-2015-7011
CONFIRM
CONFIRM
APPLE
APPLE

apple -- itunes
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
2015-10-23
6.8
CVE-2015-7012
APPLE
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE

apple -- itunes
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
2015-10-23
6.8
CVE-2015-7013
CONFIRM
CONFIRM
APPLE
APPLE

apple -- itunes
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
2015-10-23
6.8
CVE-2015-7014
APPLE
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE

apple -- iphone_os
Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.
2015-10-23
6.8
CVE-2015-7015
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE

apple -- iphone_os
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010.
2015-10-23
6.8
CVE-2015-7018
CONFIRM
CONFIRM
APPLE
APPLE

apple -- mac_os_x
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020.
2015-10-23
5.6
CVE-2015-7019
CONFIRM
APPLE

apple -- mac_os_x
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019.
2015-10-23
5.6
CVE-2015-7020
CONFIRM
APPLE

apple -- iphone_os
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
2015-10-23
5.8
CVE-2015-7023
CONFIRM
CONFIRM
APPLE
APPLE

cisco -- asr_5000_software
The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280.
2015-10-26
5.0
CVE-2015-6340
CISCO

cisco -- wireless_lan_controller_software
The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.
2015-10-24
5.0
CVE-2015-6341
CISCO

cisco -- asa_cx_context-aware_security_software
The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.
2015-10-30
4.0
CVE-2015-6344
CISCO

cisco -- secure_access_control_server
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
2015-10-30
6.5
CVE-2015-6345
CISCO

cisco -- secure_access_control_server
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
2015-10-30
4.3
CVE-2015-6346
CISCO

cisco -- secure_access_control_server
The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.
2015-10-30
4.0
CVE-2015-6347
CISCO

cisco -- secure_access_control_server
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
2015-10-30
4.0
CVE-2015-6348
CISCO

cisco -- secure_access_control_server
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
2015-10-30
4.3
CVE-2015-6349
CISCO

cisco -- prime_service_catalog
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.
2015-10-30
6.5
CVE-2015-6350
CISCO

cisco -- asr_5000_software
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781.
2015-10-30
5.0
CVE-2015-6351
CISCO

cisco -- hosted_collaboration_solution
Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891.
2015-10-30
4.3
CVE-2015-6352
CISCO

digia -- qt
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
2015-10-26
5.1
CVE-2015-7298
CONFIRM

epson -- network_utility
EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file.
2015-10-28
6.9
CVE-2015-6034
CERT-VN
CONFIRM

fedoraproject -- sssd
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
2015-10-29
6.8
CVE-2015-5292
CONFIRM
CONFIRM
CONFIRM
MLIST
FEDORA

gnome -- gdk-pixbuf
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
2015-10-26
6.8
CVE-2015-7673
UBUNTU
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM

gnome -- gdk-pixbuf
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
2015-10-26
6.8
CVE-2015-7674
UBUNTU
CONFIRM
MLIST
MLIST
MLIST
MLIST
CONFIRM

ibm -- websphere_portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.
2015-10-28
5.0
CVE-2014-8912
CONFIRM
AIXAPAR

ibm -- websphere_portal
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.
2015-10-29
6.8
CVE-2015-4997
CONFIRM
AIXAPAR

infinite_automation_systems -- mango_automation
Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
2015-10-28
6.8
CVE-2015-6493
MISC

infinite_automation_systems -- mango_automation
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.
2015-10-28
4.3
CVE-2015-7900
MISC

infinite_automation_systems -- mango_automation
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
2015-10-28
6.5
CVE-2015-7901
MISC

infinite_automation_systems -- mango_automation
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.
2015-10-28
5.0
CVE-2015-7902
MISC

infinite_automation_systems -- mango_automation
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
2015-10-28
6.5
CVE-2015-7903
MISC

infinite_automation_systems -- mango_automation
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
2015-10-28
6.5
CVE-2015-7904
MISC

ininet_solutions -- scada_web_server
IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string.
2015-10-24
6.4
CVE-2015-1002
MISC

ininet_solutions -- scada_web_server
Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname.
2015-10-24
5.0
CVE-2015-1003
MISC

janitza -- umg_508
Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users.
2015-10-28
6.8
CVE-2015-3967
MISC

janitza -- umg_508
Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235.
2015-10-28
5.0
CVE-2015-3969
MISC

janitza -- umg_508
Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2015-10-28
4.3
CVE-2015-3970
MISC

janitza -- umg_508
Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values.
2015-10-28
5.0
CVE-2015-3973
MISC

joomla -- joomla!
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
2015-10-29
5.0
CVE-2015-7859
SECTRACK
CONFIRM

joomla -- joomla!
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
2015-10-29
5.0
CVE-2015-7899
SECTRACK
CONFIRM

kallithea -- kallithea
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
2015-10-29
5.0
CVE-2015-5285
CONFIRM
EXPLOIT-DB
MISC
MISC

librsync_project -- librsync
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.
2015-10-26
5.8
CVE-2014-8242
CONFIRM
CONFIRM
MISC
CONFIRM
MLIST
MLIST
MLIST
SUSE
FEDORA
FEDORA
FEDORA

lockon -- ec-cube
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
2015-10-26
5.1
CVE-2015-5665
CONFIRM
CONFIRM
JVNDB
JVN

medicomp -- medcin_engine
Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function.
2015-10-29
6.8
CVE-2015-2898
CERT-VN
MISC

medicomp -- medcin_engine
Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet on port 8190.
2015-10-29
6.8
CVE-2015-2899
CERT-VN
MISC

medicomp -- medcin_engine
The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190.
2015-10-29
6.8
CVE-2015-2900
CERT-VN
MISC

medicomp -- medcin_engine
Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty function and (2) the GetProperty UdfCodeList function.
2015-10-29
6.8
CVE-2015-2901
CERT-VN
MISC

openstack -- compute
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
2015-10-26
6.8
CVE-2015-3280
CONFIRM
CONFIRM
REDHAT

openstack -- swift
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
2015-10-26
5.0
CVE-2015-5223
CONFIRM
CONFIRM
CONFIRM
MLIST
REDHAT

openstack -- image_registry_and_delivery_service_(glance)
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
2015-10-26
5.5
CVE-2015-5251
CONFIRM
CONFIRM
REDHAT

openstack -- image_registry_and_delivery_service_(glance)
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.
2015-10-26
6.8
CVE-2015-5286
CONFIRM
CONFIRM
REDHAT

openstack -- compute
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
2015-10-29
5.0
CVE-2015-7713
CONFIRM
CONFIRM
CONFIRM

owncloud -- owncloud
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.
2015-10-29
5.0
CVE-2015-5955
CONFIRM

owncloud -- owncloud
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
2015-10-26
4.0
CVE-2015-6670
CONFIRM

phpmyadmin -- phpmyadmin
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
2015-10-28
5.0
CVE-2015-7873
CONFIRM
CONFIRM

polkit_project -- polkit
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
2015-10-26
4.6
CVE-2015-3255
CONFIRM
CONFIRM
SUSE
MLIST

polkit_project -- polkit
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "_javascript_ rule evaluation."
2015-10-26
4.6
CVE-2015-3256
CONFIRM
SUSE
MLIST

polkit_project -- polkit
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
2015-10-26
4.6
CVE-2015-4625
BID
MLIST
MLIST
MLIST
SUSE
MLIST
MLIST
MLIST
FEDORA
FEDORA

postgresql -- postgresql
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
2015-10-26
6.4
CVE-2015-5288
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA

postgresql -- postgresql
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
2015-10-26
6.4
CVE-2015-5289
SECTRACK
CONFIRM
CONFIRM
CONFIRM
FEDORA
CONFIRM

redhat -- jboss_enterprise_application_platform
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
2015-10-27
4.3
CVE-2015-5178
CONFIRM
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT

redhat -- jboss_enterprise_application_platform
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.
2015-10-27
6.8
CVE-2015-5188
CONFIRM
CONFIRM
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT

redhat -- jboss_enterprise_application_platform
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.
2015-10-27
5.0
CVE-2015-5220
CONFIRM
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT

rockwellautomation -- micrologix_1100_firmware
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
2015-10-28
6.5
CVE-2015-6486
MISC

rockwellautomation -- micrologix_1100_firmware
Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2015-10-28
4.3
CVE-2015-6488
MISC

rockwellautomation -- micrologix_1100_firmware
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors.
2015-10-28
4.0
CVE-2015-6491
MISC

techno_project_japan -- enisys_gw
Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors.
2015-10-29
6.5
CVE-2015-5669
CONFIRM
JVNDB
JVN

techno_project_japan -- enisys_gw
Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2015-10-29
4.3
CVE-2015-5670
CONFIRM
JVNDB
JVN

techno_project_japan -- enisys_gw
Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors.
2015-10-29
5.0
CVE-2015-5671
CONFIRM
JVNDB
JVN

tibco -- spotfire_analytics_platform_for_aws
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL.
2015-10-28
4.0
CVE-2015-5712
CONFIRM
CONFIRM

tibco -- spotfire_analytics_platform_for_aws
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL.
2015-10-28
5.0
CVE-2015-5713
CONFIRM
CONFIRM

Back to top

Low Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info

apple -- mac_os_x
The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder.
2015-10-23
2.1
CVE-2015-6987
CONFIRM
APPLE

colorbox_project -- colorbox
The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.
2015-10-26
3.5
CVE-2015-7881
MISC
CONFIRM

ibm -- general_parallel_file_system
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.
2015-10-25
2.1
CVE-2015-4981
CONFIRM

ibm -- integration_bus
IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command.
2015-10-25
3.2
CVE-2015-5011
AIXAPAR
CONFIRM

infinite_automation_systems -- mango_automation
Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
2015-10-28
3.5
CVE-2015-6494
MISC

ininet_solutions -- scada_web_server
IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
2015-10-24
2.1
CVE-2015-1005
MISC

numara -- asset_manager
HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors.
2015-10-25
2.1
CVE-2015-5448
HP

openstack -- neutron
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
2015-10-27
3.5
CVE-2015-5240
CONFIRM
CONFIRM
CONFIRM
MLIST
REDHAT

owncloud -- owncloud_desktop_client
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.
2015-10-26
2.6
CVE-2015-4456
CONFIRM
CONFIRM

polkit_project -- polkit
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
2015-10-26
2.1
CVE-2015-3218
BID
SUSE
MLIST
MLIST
MLIST
FEDORA
FEDORA

siemens -- ruggedcom_rugged_operating_system
Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.
2015-10-28
3.3
CVE-2015-7836
MISC
CONFIRM

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

A copy of this publication is available at www.us-cert.gov. If you need help or have questions, please send an email to info@xxxxxxxxxxx. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT@xxxxxxxxxxxxxxxx to your address book.

OTHER RESOURCES:

Contact Us | Security Publications | Alerts and Tips | Related Resources

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences  |  Unsubscribe  |  Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870