Weekly Vulnerabilities Reports > June 8 to 14, 2015
Overview
3 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 6 products from 5 vendors including Oracle, Microsoft, HP, Openssl, and Lighttpd. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Injection", and "Access of Uninitialized Pointer".
- 3 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
3 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2015-06-10 | CVE-2015-1770 | Microsoft | Access of Uninitialized Pointer vulnerability in Microsoft Office 2013 Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability." | 8.8 |
| 2015-06-12 | CVE-2015-1789 | Openssl Oracle | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. | 7.5 |
| 2015-06-09 | CVE-2015-3200 | Lighttpd HP Oracle | Injection vulnerability in multiple products mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. | 7.5 |
0 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|