Weekly Vulnerabilities Reports > April 13 to 19, 2015

Overview

216 new vulnerabilities were reported during this period, including 46 critical and 34 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 147 products from 44 vendors, including Oracle, Microsoft, Opensuse, Debian, and Suse. The vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Resource Management Errors", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 191 reported vulnerabilities are remotely exploitable.
  • 7 reported vulnerabilities have a public exploit available.
  • 29 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 169 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 81 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 34 reported vulnerabilities.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

46 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2015-04-16 | CVE-2015-0491 | Oracle, Suse, Opensuse | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. | 10.0

2015-04-16 | CVE-2015-0469 | Oracle | Unspecified vulnerability in Oracle JDK and JRE | 10.0
    Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

2015-04-16 | CVE-2015-0459 | Oracle, Novell, Opensuse | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. | 10.0

2015-04-14 | CVE-2015-3043 | Adobe, Linux, Apple, Microsoft, Novell, Opensuse, Redhat | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

2015-04-14 | CVE-2015-3042 | Adobe, Linux, Apple, Microsoft, Opensuse, Suse, Redhat | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043.

2015-04-14 | CVE-2015-3041 | Adobe, Linux, Redhat, Apple, Microsoft, Opensuse, Suse | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043.

2015-04-14 | CVE-2015-3039 | Redhat, Adobe, Linux, Opensuse, Suse, Apple, Microsoft | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 | 10.0
    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358.

2015-04-14 | CVE-2015-3038 | Adobe, Linux, Apple, Microsoft, Redhat, Opensuse, Suse | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

2015-04-14 | CVE-2015-2113 | HP | Remote Code Execution vulnerability in HP Easy Tools 3.0.1 | 10.0
    Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers to execute arbitrary code via unknown vectors.

2015-04-14 | CVE-2015-0360 | Adobe, Linux, Redhat, Apple, Microsoft, Opensuse, Suse | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

2015-04-14 | CVE-2015-0359 | Adobe, Apple, Microsoft, Linux | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 | 10.0
    Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346.

2015-04-14 | CVE-2015-0358 | Opensuse, Suse, Adobe, Linux, Redhat, Apple, Microsoft | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 | 10.0
    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039.

2015-04-14 | CVE-2015-0356 | Adobe, Linux, Apple, Microsoft | Remote Code Execution vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion." CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

2015-04-14 | CVE-2015-0355 | Adobe, Linux, Opensuse, Suse, Apple, Microsoft, Redhat | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

2015-04-14 | CVE-2015-0354 | Adobe, Linux, Apple, Microsoft, Opensuse, Suse, Redhat | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

2015-04-14 | CVE-2015-0353 | Adobe, Linux, Opensuse, Suse, Apple, Microsoft, Redhat | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

2015-04-14 | CVE-2015-0352 | Adobe, Apple, Microsoft, Redhat, Linux, Opensuse, Suse | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

2015-04-14 | CVE-2015-0351 | Adobe, Apple, Microsoft, Opensuse, Suse, Linux, Redhat | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 | 10.0
    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039.

2015-04-14 | CVE-2015-0350 | Adobe, Linux, Apple, Microsoft, Opensuse, Suse, Redhat | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

2015-04-14 | CVE-2015-0349 | Adobe, Apple, Microsoft, Redhat, Opensuse, Suse, Linux | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 | 10.0
    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039.

2015-04-14 | CVE-2015-0348 | Redhat, Adobe, Apple, Microsoft, Linux, Opensuse, Suse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 10.0
    Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors.

2015-04-14 | CVE-2015-0347 | Adobe, Linux, Opensuse, Suse, Redhat, Apple, Microsoft | Memory Corruption vulnerability in Adobe Flash Player | 10.0
    Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

2015-04-14 | CVE-2015-0346 | Redhat, Opensuse, Suse, Adobe, Apple, Microsoft, Linux | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 | 10.0
    Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359.

2015-04-14 | CVE-2015-1635 | Microsoft | Code Injection vulnerability in Microsoft products | 10.0
    HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

2015-04-14 | CVE-2015-2788 | Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Debian Dbd-Firebird and Debian Linux | 10.0
    Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns.

2015-04-14 | CVE-2014-9488 | Opensuse, GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 10.0
    The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.

2015-04-17 | CVE-2015-0691 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Desktop | 9.3
    A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.

2015-04-16 | CVE-2015-0492 | Opensuse, Suse, Oracle | Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. | 9.3

2015-04-16 | CVE-2015-0460 | Oracle | Unspecified vulnerability in Oracle JDK and JRE | 9.3
    Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

2015-04-14 | CVE-2015-1668 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11 | 9.3
    Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

2015-04-14 | CVE-2015-1667 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer | 9.3
    Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

2015-04-14 | CVE-2015-1666 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer | 9.3
    Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1652.

2015-04-14 | CVE-2015-1665 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 11 | 9.3
    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1662.

2015-04-14 | CVE-2015-1662 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 11 | 9.3
    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1665.

2015-04-14 | CVE-2015-1660 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 9 | 9.3
    Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

2015-04-14 | CVE-2015-1659 | Microsoft | Remote Memory Corruption vulnerability in Microsoft Internet Explorer 11 | 9.3
    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1662 and CVE-2015-1665.

2015-04-14 | CVE-2015-1657 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11/9 | 9.3
    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

2015-04-14 | CVE-2015-1652 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer | 9.3
    Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1666.

2015-04-14 | CVE-2015-1651 | Microsoft | Use After Free Remote Code Execution vulnerability in Microsoft Office Compatibility Pack, Word and Word Viewer | 9.3
    Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." CWE-416: Use After Free

2015-04-14 | CVE-2015-1650 | Microsoft | Use After Free Remote Code Execution vulnerability in Microsoft Office | 9.3
    Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." CWE-416: Use After Free

2015-04-14 | CVE-2015-1649 | Microsoft | Use After Free Remote Code Execution vulnerability in Microsoft Office | 9.3
    Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." CWE-416: Use After Free

2015-04-14 | CVE-2015-1645 | Microsoft | Code Injection vulnerability in Microsoft products | 9.3
    Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability."

2015-04-14 | CVE-2015-1641 | Microsoft | Resource Management Errors vulnerability in Microsoft products | 9.3
    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."

2015-04-13 | CVE-2015-2846 | Bittorrent | Command Injection vulnerability in Bittorrent Sync | 9.3
    BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link.

2015-04-16 | CVE-2015-0457 | Oracle | Remote Security vulnerability in Oracle Database Server | 9.0
    Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2629.

2015-04-14 | CVE-2015-2112 | HP | Privilege Escalation vulnerability in HP Easy Tools 3.0.1 | 9.0
    Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors.

34 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2015-04-13 | CVE-2015-0675 | Cisco | Improper Access Control vulnerability in Cisco Adaptive Security Appliance Software | 8.3
    The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069.

2015-04-17 | CVE-2015-0695 | Cisco | Resource Management Errors vulnerability in Cisco IOS XR | 7.8
    Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957.

2015-04-13 | CVE-2015-0677 | Cisco | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software | 7.8
    The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290.

2015-04-16 | CVE-2015-0458 | Oracle, Novell, Opensuse | Unspecified vulnerability in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 7.6

2015-04-13 | CVE-2015-2775 | Canonical, Debian, Redhat, GNU | Path Traversal vulnerability in multiple products | 7.6
    Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a ..

2015-04-19 | CVE-2015-3335 | Google, Opensuse | Permissions, Privileges, and Access Controls vulnerability in Google Chrome | 7.5
    The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox.

2015-04-19 | CVE-2015-3333 | Google, Debian, Canonical | Security vulnerability in Google V8 | 7.5
    Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

2015-04-19 | CVE-2015-1249 | Debian, Canonical, Google | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5

2015-04-19 | CVE-2015-1242 | Canonical, Google, Debian | The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization. | 7.5

2015-04-19 | CVE-2015-1238 | Google, Canonical, Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome | 7.5
    Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

2015-04-19 | CVE-2015-1237 | Canonical, Google, Debian | Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation. | 7.5

2015-04-18 | CVE-2015-0968 | Searchblox | Unspecified vulnerability in Searchblox | 7.5
    Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.

2015-04-17 | CVE-2015-0845 | Sixapart | Code Injection vulnerability in Sixapart Movabletype | 7.5
    Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

2015-04-16 | CVE-2015-0495 | Oracle | Unspecified vulnerability in Oracle Commerce Guided Search and Experience Manager | 7.5
    Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.x and 11.x allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Workbench.

2015-04-16 | CVE-2013-7439 | X ORG, Canonical, Debian | Numeric Errors vulnerability in multiple products | 7.5
    Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.

2015-04-14 | CVE-2014-8360 | Glpi Project | Path Traversal vulnerability in Glpi-Project Glpi | 7.5
    Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.

2015-04-14 | CVE-2014-9145 | Fiyo | SQL Injection vulnerability in Fiyo CMS 2.0.1.8 | 7.5
    Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php.

2015-04-17 | CVE-2015-1318 | Apport Project | Permissions, Privileges, and Access Controls vulnerability in Apport Project Apport | 7.2
    The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).

2015-04-17 | CVE-2015-0530 | EMC | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Networker | 7.2
    Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.

2015-04-16 | CVE-2015-2577 | Oracle | Local Security vulnerability in Oracle Solaris 10 | 7.2
    Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Accounting commands.

2015-04-16 | CVE-2015-0448 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 | 7.2
    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system.

2015-04-15 | CVE-2015-1898 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback | 7.2
    Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1897.

2015-04-15 | CVE-2015-1897 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback | 7.2
    Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1898.

2015-04-15 | CVE-2015-0693 | Cisco | Improper Input Validation vulnerability in Cisco Web Security Appliance 8.5Base | 7.2
    Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.

2015-04-14 | CVE-2015-1644 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products | 7.2
    Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows MS-DOS Device Name Vulnerability."

2015-04-14 | CVE-2015-1643 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products | 7.2
    Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability."

2015-04-14 | CVE-2015-0098 | Microsoft | Remote Privilege Escalation vulnerability in Microsoft Windows Task Scheduler | 7.2
    Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability." CWE-701: Weaknesses Introduced During Design

2015-04-14 | CVE-2015-2831 | DAS Watchdog Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in DAS Watchdog Project DAS Watchdog 0.9.0 | 7.2
    Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable.

2015-04-16 | CVE-2015-2578 | Oracle | Remote Security vulnerability in Oracle Solaris 11.2 | 7.1
    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap.

2015-04-13 | CVE-2015-2942 | Mediawiki | Resource Management Errors vulnerability in Mediawiki | 7.1
    MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.

2015-04-13 | CVE-2015-2937 | Mediawiki | Resource Management Errors vulnerability in Mediawiki | 7.1
    MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.

2015-04-13 | CVE-2015-2936 | Mediawiki | Resource Management Errors vulnerability in Mediawiki 1.24.0/1.24.1 | 7.1
    MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.

2015-04-13 | CVE-2015-0676 | Cisco | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software | 7.1
    The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655.

2015-04-16 | CVE-2015-0461 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.5/11.1.1.7

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Authentication Engine.

7.0

111 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-04-19 CVE-2015-1245 Google
Debian
Unspecified vulnerability in Google Chrome

Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association.

6.8
2015-04-18 CVE-2015-0970 Searchblox Cross-Site Request Forgery (CSRF) vulnerability in Searchblox

Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2015-04-17 CVE-2015-0700 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control Server Solution Engine 5.4.0.46.6/5.5.0.36/5.5.0.46.4

Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.

6.8
2015-04-16 CVE-2015-0484 Oracle
Opensuse
Suse
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.
6.8
2015-04-16 CVE-2015-0455 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors.

6.8
2015-04-15 CVE-2015-0907 Lhaplus Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lhaplus

Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive.

6.8
2015-04-14 CVE-2015-2114 HP
Microsoft
7PK - Security Features vulnerability in HP Support Solution Framework 11.51.0027

HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors.

6.8
2015-04-13 CVE-2015-2940 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki Checkuser

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.

6.8
2015-04-16 CVE-2015-2570 Oracle Remote Security vulnerability in Oracle Demand Planning

Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 11.5.10, 12.0, 12.1, and 12.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security.

6.5
2015-04-16 CVE-2015-1822 Debian
Tuxfamily
Code vulnerability in multiple products

chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.

6.5
2015-04-16 CVE-2015-1821 Tuxfamily
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.

6.5
2015-04-16 CVE-2015-0482 Oracle Remote Security vulnerability in Oracle Fusion Middleware 12.1.2.0.0/12.1.3.0.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.2.0 and 12.1.3.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices.

6.0
2015-04-16 CVE-2015-0480 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.

5.8
2015-04-15 CVE-2015-0906 Lhaplus Path Traversal vulnerability in Lhaplus

Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive.

5.8
2015-04-15 CVE-2015-0697 Cisco Open Redirect vulnerability in Cisco Telepresence TC Software

Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.

5.8
2015-04-14 CVE-2015-1638 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Server 2012 R2

Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

5.8
2015-04-16 CVE-2015-0501 Juniper
Oracle
Debian
Canonical
Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

5.7
2015-04-17 CVE-2015-1856 Openstack
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

5.5
2015-04-16 CVE-2015-0476 Oracle Remote Security vulnerability in Oracle SQL Trace Analyzer 12.1.10

Unspecified vulnerability in the SQL Trace Analyzer component in Oracle Support Tools before 12.1.11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2015-04-19 CVE-2015-1247 Google
Debian
Information Exposure vulnerability in Google Chrome

The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.

5.0
2015-04-19 CVE-2015-1246 Debian
Google
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2015-04-19 CVE-2015-1244 Canonical
Debian
Google
Information Exposure vulnerability in multiple products

The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.

5.0
2015-04-19 CVE-2015-1240 Debian
Google
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.

5.0
2015-04-19 CVE-2015-1235 Canonical
Google
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.

5.0
2015-04-18 CVE-2015-0969 Searchblox Information Exposure vulnerability in Searchblox

SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.

5.0
2015-04-17 CVE-2015-0938 Blue Coat Information Exposure vulnerability in Blue Coat Malware Analysis Appliance

search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter.

5.0
2015-04-16 CVE-2015-3323 Lenovo Improper Input Validation vulnerability in Lenovo Thinkserver System Manager Baseboard Management Controller Firmware

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.

5.0
2015-04-16 CVE-2015-3322 Lenovo Cryptographic Issues vulnerability in Lenovo products

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.

5.0
2015-04-16 CVE-2015-2568 Oracle
Novell
Debian
Canonical
Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

5.0
2015-04-16 CVE-2015-0488 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.

5.0
2015-04-16 CVE-2015-0486 Oracle
Opensuse
Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
5.0
2015-04-16 CVE-2015-0464 Oracle Remote Security vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote attackers to affect confidentiality via unknown vectors related to Security.

5.0
2015-04-16 CVE-2015-0449 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.3.6/12.1.1/12.1.2.0.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.

5.0
2015-04-16 CVE-2015-0440 Oracle Remote Security vulnerability in Oracle Right NOW Service Cloud 8.2.3.10.1/8.4.7.2

Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console.

5.0
2015-04-16 CVE-2015-3319 Hotspotexpress Information Exposure vulnerability in Hotspotexpress Hotex Billing Manager 73.0

Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5.0
2015-04-15 CVE-2015-0699 Cisco SQL Injection vulnerability in Cisco Unified Communications Domain Manager 10.5(1.98991.13)

SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.

5.0
2015-04-14 CVE-2015-3044 Redhat
Novell
Opensuse
Adobe
Apple
Microsoft
Linux
Information Exposure vulnerability in multiple products

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

5.0
2015-04-14 CVE-2015-3040 Redhat
Adobe
Linux
Opensuse
Suse
Apple
Microsoft
Information Exposure vulnerability in multiple products

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357.

5.0
2015-04-14 CVE-2015-0357 Adobe
Linux
Apple
Microsoft
Information Exposure vulnerability in Adobe Flash Player

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040.

5.0
2015-04-14 CVE-2015-0844 Wesnoth
Fedoraproject
Information Exposure vulnerability in multiple products

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.

5.0
2015-04-14 CVE-2014-5032 Glpi Project Permissions, Privileges, and Access Controls vulnerability in Glpi-Project Glpi

GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.

5.0
2015-04-13 CVE-2015-2935 Mediawiki Information Exposure vulnerability in Mediawiki

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."

5.0
2015-04-16 CVE-2015-2575 Debian
Suse
Mysql
Remote Security vulnerability in Oracle MySQL Connectors

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

4.9
2015-04-16 CVE-2015-0490 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite 6.1.3.0

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BAS - Base Component.

4.9
2015-04-16 CVE-2015-2572 Oracle
Microsoft
Local Security vulnerability in Oracle Hyperion Smart View for Office

Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

4.6
2015-04-16 CVE-2015-0471 Oracle Local Security vulnerability in Oracle Solaris 10/11.2

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign.

4.4
2015-04-19 CVE-2015-3336 Google
Debian
Opensuse
Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL.

4.3
2015-04-19 CVE-2015-3334 Google
Debian
Opensuse
Code vulnerability in Google Chrome

browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited.

4.3
2015-04-19 CVE-2015-1248 Debian
Google
Permissions, Privileges, and Access Controls vulnerability in multiple products

The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.

4.3
2015-04-19 CVE-2015-1241 Google
Debian
Canonical
Improper Input Validation vulnerability in Google Chrome

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.

4.3
2015-04-19 CVE-2015-1236 Google
Canonical
Debian
Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.

4.3
2015-04-18 CVE-2015-0967 Searchblox Cross-site Scripting vulnerability in Searchblox

Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.

4.3
2015-04-17 CVE-2015-1852 Openstack
Canonical
Code vulnerability in multiple products

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

4.3
2015-04-17 CVE-2015-0937 Blue Coat Cross-site Scripting vulnerability in Blue Coat Malware Analysis Appliance

Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-04-16 CVE-2015-3324 Lenovo Cryptographic Issues vulnerability in Lenovo Thinkserver System Manager Baseboard Management Controller Firmware 118.71532

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.

4.3
2015-04-16 CVE-2015-2565 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Create Item Instance.

4.3
2015-04-16 CVE-2015-0510 Oracle Remote Security vulnerability in Oracle Commerce Platform 10.0/10.2/9.4

Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface.

4.3
2015-04-16 CVE-2015-0509 Oracle Remote Security vulnerability in Oracle Hyperion 11.1.2.2/11.1.2.3

Unspecified vulnerability in the Oracle Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Reporting and Analysis.

4.3
2015-04-16 CVE-2015-0502 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1 and 8.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework.

4.3
2015-04-16 CVE-2015-0497 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1

Unspecified vulnerability in the PeopleSoft Enterprise Portal Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows remote attackers to affect integrity via unknown vectors related to Enterprise Portal.

4.3
2015-04-16 CVE-2015-0494 Oracle Remote Security vulnerability in Oracle Retail Central Office

Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Retail Applications 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors.

4.3
2015-04-16 CVE-2015-0478 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.

4.3
2015-04-16 CVE-2015-0477 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.

4.3
2015-04-16 CVE-2015-0473 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.5/12.1.0.6

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control MOS 12.1.0.5 and 12.1.0.6 allows remote attackers to affect integrity via unknown vectors related to My Oracle Support Plugin.

4.3
2015-04-16 CVE-2015-0470 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.

4.3
2015-04-16 CVE-2015-0466 Oracle Remote Security vulnerability in Oracle Retail Back Office

Unspecified vulnerability in the Oracle Retail Back Office component in Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors.

4.3
2015-04-16 CVE-2015-0456 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.8.0

Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Portlet Services.

4.3
2015-04-16 CVE-2015-0452 Oracle Remote Security vulnerability in Oracle VM Server 3.1/3.2

Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager.

4.3
2015-04-16 CVE-2015-0450 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.8.0

Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to WebCenter Spaces Application.

4.3
2015-04-16 CVE-2015-0447 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Configurator DMZ rules.

4.3
2015-04-15 CVE-2015-0698 Cisco Cross-site Scripting vulnerability in Cisco Web Security Appliance

Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.

4.3
2015-04-15 CVE-2015-0696 Cisco Cross-site Scripting vulnerability in Cisco Telepresence TC Software

Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977.

4.3
2015-04-15 CVE-2015-0345 Adobe Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-04-14 CVE-2015-1661 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

4.3
2015-04-14 CVE-2015-1653 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."

4.3
2015-04-14 CVE-2015-1646 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft XML Core Services 3.0

Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."

4.3
2015-04-14 CVE-2015-1640 Microsoft Cross-site Scripting vulnerability in Microsoft Project Server 2010/2013

Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."

4.3
2015-04-14 CVE-2015-1639 Microsoft Cross-site Scripting vulnerability in Microsoft Office 2011

Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability."

4.3
2015-04-14 CVE-2015-2926 Zoneo Soft Cross-site Scripting vulnerability in Zoneo-Soft PHPtraffica 2.2.1/2.3

Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php.

4.3
2015-04-14 CVE-2015-2781 Hotspot Express Cross-site Scripting vulnerability in Hotspot Express Hotex Billing Manager 73

Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.

4.3
2015-04-14 CVE-2015-2223 Palo Alto Networks Cross-site Scripting vulnerability in Palo Alto Networks Traps 3.1.2.1546

Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request.

4.3
2015-04-14 CVE-2014-9146 Fiyo Cross-site Scripting vulnerability in Fiyo CMS 2.0.1.8

Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.

4.3
2015-04-13 CVE-2015-2941 Mediawiki Cross-site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value.

4.3
2015-04-13 CVE-2015-2939 Mediawiki Cross-site Scripting vulnerability in Mediawiki Scribunto

Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace.

4.3
2015-04-13 CVE-2015-2938 Mediawiki Cross-site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file.

4.3
2015-04-13 CVE-2015-2934 Mediawiki Cross-site Scripting vulnerability in Mediawiki

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

4.3
2015-04-13 CVE-2015-2933 Mediawiki Cross-site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.

4.3
2015-04-13 CVE-2015-2932 Mediawiki Cross-site Scripting vulnerability in Mediawiki

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.

4.3
2015-04-13 CVE-2015-2931 Mediawiki Cross-site Scripting vulnerability in Mediawiki

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

4.3
2015-04-13 CVE-2015-0840 Debian, Canonical Improper Access Control vulnerability in multiple products

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

4.3
2015-04-13 CVE-2014-9714 Facebook Cross-site Scripting vulnerability in Facebook Hiphop Virtual Machine

Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function.

4.3
2015-04-16 CVE-2015-2573 Novell, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4.0
2015-04-16 CVE-2015-2571 Oracle, Novell, Debian, Canonical Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4.0
2015-04-16 CVE-2015-0508 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.

4.0
2015-04-16 CVE-2015-0503 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

4.0
2015-04-16 CVE-2015-0500 Oracle, Suse Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.

4.0
2015-04-16 CVE-2015-0496 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via vectors related to PIA Search Functionality.

4.0
2015-04-16 CVE-2015-0487 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2015-0472.

4.0
2015-04-16 CVE-2015-0483 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors.

4.0
2015-04-16 CVE-2015-0479 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.3/11.2.0.4/12.1.0.1

Unspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors.

4.0
2015-04-16 CVE-2015-0475 Oracle Remote Security vulnerability in Oracle JD Edwards products 9.1

Unspecified vulnerability in the JD Edwards EnterpriseOne Technology component in Oracle JD Edwards Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Runtime Security.

4.0
2015-04-16 CVE-2015-0465 Oracle Remote Security vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure.

4.0
2015-04-16 CVE-2015-0463 Oracle Remote Security vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

4.0
2015-04-16 CVE-2015-0462 Oracle Remote Security vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

4.0
2015-04-16 CVE-2015-0441 Oracle, Debian, Canonical Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.

4.0
2015-04-16 CVE-2015-0439 Suse, Novell, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.

4.0
2015-04-16 CVE-2015-0438 Oracle, Novell Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

4.0
2015-04-16 CVE-2015-0433 Novell, Oracle, Debian, Canonical Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

4.0
2015-04-16 CVE-2015-0423 Oracle, Novell Remote Security vulnerability in Oracle Communications Policy Management and Mysql

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4.0
2015-04-16 CVE-2015-0405 Oracle, Novell Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.

4.0
2015-04-14 CVE-2015-3293 Fortinet Information Exposure vulnerability in Fortinet Fortimail

FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command.

4.0

25 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-04-16 CVE-2015-2567 Oracle, Novell Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

3.5
2015-04-16 CVE-2015-0507 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.

3.5
2015-04-16 CVE-2015-0506 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.

3.5
2015-04-16 CVE-2015-0505 Suse, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

3.5
2015-04-16 CVE-2015-0499 Oracle, Debian, Canonical Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

3.5
2015-04-16 CVE-2015-0485 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

3.5
2015-04-16 CVE-2015-0472 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2015-0487.

3.5
2015-04-16 CVE-2015-0451 Oracle Remote Security vulnerability in Oracle Fusion Middleware 3.004

Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents.

3.5
2015-04-14 CVE-2014-9311 Shareaholic Cross-site Scripting vulnerability in Shareaholic

Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.

3.5
2015-04-16 CVE-2013-4866 Lixil Security vulnerability in My SATIS for Android

The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort.

3.3
2015-04-16 CVE-2015-0453 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via vectors related to PORTAL.

3.3
2015-04-16 CVE-2015-2566 Novell, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.

2.8
2015-04-16 CVE-2015-0511 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

2.8
2015-04-16 CVE-2015-0504 Oracle Remote Security vulnerability in Oracle E-Business Suite 12.0.6/12.1.3

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Error Messages.

2.6
2015-04-14 CVE-2015-1648 Microsoft Data Processing Errors vulnerability in Microsoft .Net Framework

ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability."

2.6
2015-04-16 CVE-2015-3320 Lenovo Information Exposure vulnerability in Lenovo USB Enhanced Performance Keyboard

Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.

2.1
2015-04-16 CVE-2015-1314 Usaa Information Exposure vulnerability in Usaa Mobile Banking 7.10

The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances.

2.1
2015-04-16 CVE-2015-2579 Oracle Local Security vulnerability in Oracle Health Sciences Applications 8.0

Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Installer.

2.1
2015-04-16 CVE-2015-2576 Suse, Oracle Local Security vulnerability in Oracle MySQL Utilities

Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.

2.1
2015-04-16 CVE-2015-2574 Oracle Local Security vulnerability in Oracle Solaris 10

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities.

2.1
2015-04-14 CVE-2015-1647 Microsoft Improper Input Validation vulnerability in Microsoft Windows 8.1 and Windows Server 2012

Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka "Windows Hyper-V DoS Vulnerability."

2.1
2015-04-16 CVE-2015-0498 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

1.7
2015-04-16 CVE-2015-0493 Oracle Local Heap Buffer Overflow vulnerability in Oracle Fusion Middleware 8.4.1/8.5.0/8.5.1

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0474.

1.5
2015-04-16 CVE-2015-0474 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.4.1/8.5.0/8.5.1

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0493.

1.5
2015-04-16 CVE-2015-0489 Oracle Local Security vulnerability in Oracle E-Business Suite Application Management Pack 121020/121030

Unspecified vulnerability in the Application Management Pack for Oracle E-Business Suite component in Oracle E-Business Suite AMP 121030 and 121020 allows local users to affect confidentiality via vectors related to EBS Plugin.

1.2