Weekly Vulnerabilities Reports > July 6 to 12, 2015

Overview

2 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary report vulnerabilities in 15 products from 6 vendors including Adobe, Oracle, Opensuse, Redhat, and Suse. Vulnerabilities are notably categorized as "Use After Free", and "7PK - Security Features".

  • 2 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 2 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 1 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-07-08 CVE-2015-5119 Adobe
Redhat
Suse
Opensuse 		Use After Free vulnerability in multiple products

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
9.8

0 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-07-09 CVE-2015-1793 Oracle
Openssl 		7PK - Security Features vulnerability in multiple products

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
6.5

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS