Weekly Vulnerabilities Reports > August 10 to 16, 2015

Overview

3 new vulnerabilities were reported during this period, including 1 critical vulnerability and 2 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 10 products from 3 vendors, including Apache, Oracle, and Microsoft. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Out-of-bounds Write", and "Injection".

  • 2 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities are exploitable by an anonymous user.
  • Apache has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • Apache has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:


1 Critical Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2015-08-13 | CVE-2015-3253 | Apache, Oracle | Injection vulnerability in multiple products | 9.8

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

2 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2015-08-15 | CVE-2015-1642 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Office 2007/2010/2013 | 7.8

Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

2015-08-14 | CVE-2014-3576 | Apache, Oracle | Permissions, Privileges, and Access Controls vulnerability in multiple products | 7.5

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

0 Medium Vulnerabilities


0 Low Vulnerabilities
