Weekly Vulnerabilities Reports > August 24 to 30, 2015

Overview

93 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary reports vulnerabilities in 124 products from 42 vendors, including HP, Oracle, Wireshark, Cisco, and Drupal. The vulnerabilities are notably categorized as "Improper Input Validation", "Information Exposure", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 85 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 76 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 30 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-08-29 CVE-2015-4497 Mozilla Use After Free Denial of Service vulnerability in Mozilla Firefox and Firefox ESR

Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.

10.0
2015-08-28 CVE-2015-1171 GSM Buffer Errors vulnerability in GSM SIM Card Editor 6.6

Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

10.0
2015-08-24 CVE-2015-5566 Adobe, Linux, Apple, Microsoft Unspecified vulnerability in Adobe products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.

10.0

33 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-08-24 CVE-2015-5222 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift 3.0.0.0

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.

8.5
2015-08-29 CVE-2015-6273 Cisco Resource Management Errors vulnerability in Cisco IOS XE

Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.

7.8
2015-08-29 CVE-2015-6268 Cisco Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.

7.8
2015-08-29 CVE-2015-6267 Cisco Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.

7.8
2015-08-27 CVE-2015-5368 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP products

The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.

7.8
2015-08-24 CVE-2014-9744 Opensuse, Polarssl Resource Management Errors vulnerability in multiple products

Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages.

7.8
2015-08-24 CVE-2014-8628 Polarssl Resource Management Errors vulnerability in Polarssl

Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates.

7.8
2015-08-24 CVE-2015-5058 F5 Resource Management Errors vulnerability in F5 products

Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets.

7.8
2015-08-30 CVE-2015-5698 Siemens Cross-Site Request Forgery (CSRF) vulnerability in Siemens Simatic S7 1200 CPU and Simatic S7 1200 CPU Firmware

Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

7.5
2015-08-30 CVE-2015-4555 Tibco Buffer Overflow vulnerability in Multiple TIBCO Products

Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.

7.5
2015-08-29 CVE-2015-4498 Mozilla 7PK - Security Features vulnerability in Mozilla Firefox and Firefox ESR

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.

7.5
2015-08-28 CVE-2014-9651 Call CC Buffer Errors vulnerability in Call-Cc Chicken 4.10.0/4.9.0/4.9.0.1

Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

7.5
2015-08-27 CVE-2015-5432 HP Unspecified vulnerability in HP Virtual Connect Enterprise Manager SDK 7.4.0

HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

7.5
2015-08-27 CVE-2015-5429 HP Unspecified vulnerability in HP Matrix Operating Environment 7.4

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.

7.5
2015-08-27 CVE-2015-5428 HP Unspecified vulnerability in HP Matrix Operating Environment 7.4

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.

7.5
2015-08-27 CVE-2015-5427 HP Unspecified vulnerability in HP Matrix Operating Environment 7.4

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.

7.5
2015-08-27 CVE-2015-5404 HP Unspecified vulnerability in HP Systems Insight Manager

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

7.5
2015-08-26 CVE-2015-5409 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Version Control Repository Manager

Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

7.5
2015-08-24 CVE-2015-5424 HP Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.

7.5
2015-08-24 CVE-2015-5423 HP Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.

7.5
2015-08-24 CVE-2015-5422 HP Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.

7.5
2015-08-24 CVE-2015-5421 HP Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.

7.5
2015-08-24 CVE-2015-5420 HP Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.

7.5
2015-08-24 CVE-2015-5419 HP Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.

7.5
2015-08-24 CVE-2015-5418 HP Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.

7.5
2015-08-24 CVE-2015-5417 HP Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.

7.5
2015-08-24 CVE-2015-5416 HP Remote Code Execution vulnerability in HP Keyview 10.23.0.0/10.24.0.0

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.

7.5
2015-08-24 CVE-2015-6659 Drupal SQL Injection vulnerability in Drupal

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.

7.5
2015-08-24 CVE-2015-6525 Debian, Libevent Project Numeric Errors vulnerability in multiple products

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) evbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop.

7.5
2015-08-24 CVE-2014-6272 Debian, Libevent Project Numeric Errors vulnerability in multiple products

Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop.

7.5
2015-08-24 CVE-2014-3612 Apache Improper Authentication vulnerability in Apache Activemq

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.

7.5
2015-08-27 CVE-2015-5402 HP Permissions, Privileges, and Access Controls vulnerability in HP Systems Insight Manager

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors.

7.2
2015-08-24 CVE-2015-6565 Openbsd Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh 6.8/6.9

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.

7.2

52 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-08-27 CVE-2015-5367 HP Permissions, Privileges, and Access Controls vulnerability in HP products

The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.

6.9
2015-08-26 CVE-2015-4173 Sonicwall Unquoted Search Path OR Element vulnerability in Sonicwall Netextender

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

6.9
2015-08-24 CVE-2015-6564 Openbsd Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

6.9
2015-08-26 CVE-2015-5411 HP Information Exposure vulnerability in HP Version Control Repository Manager

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.

6.8
2015-08-25 CVE-2015-5949 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.

6.8
2015-08-25 CVE-2015-5161 Zend XML External Entity Injection vulnerability in Multiple Zend Products

The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.

6.8
2015-08-25 CVE-2015-6262 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2.0.103/2.0

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.

6.8
2015-08-25 CVE-2015-5786 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.

6.8
2015-08-25 CVE-2015-5785 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786.

6.8
2015-08-24 CVE-2015-6664 SAP Unspecified vulnerability in SAP Mobile Platform 2.3

XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.

6.8
2015-08-24 CVE-2015-6662 SAP Unspecified vulnerability in SAP Netweaver 7.40

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.

6.8
2015-08-24 CVE-2015-6660 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."

6.8
2015-08-27 CVE-2015-5431 HP Unspecified vulnerability in HP Matrix Operating Environment 7.4

HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

6.5
2015-08-27 CVE-2015-5405 HP Unspecified vulnerability in HP Systems Insight Manager

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

6.5
2015-08-27 CVE-2015-2140 HP Improper Input Validation vulnerability in HP Systems Insight Manager

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

6.5
2015-08-26 CVE-2015-5410 HP Arbitrary Code Execution vulnerability in HP Version Control Repository Manager

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.

6.5
2015-08-26 CVE-2015-5412 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Version Control Repository Manager

Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

6.0
2015-08-24 CVE-2015-3238 Linux PAM, Oracle Information Exposure vulnerability in multiple products

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

5.8
2015-08-26 CVE-2013-7424 GNU Code vulnerability in GNU Glibc

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

5.1
2015-08-28 CVE-2015-6266 Cisco Improper Authentication vulnerability in Cisco Identity Services Engine Software 1.2(0.899)

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

5.0
2015-08-27 CVE-2015-5430 HP Information Exposure vulnerability in HP Matrix Operating Environment 7.4

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2015-08-25 CVE-2012-2150 SGI Information Exposure vulnerability in SGI Xfsprogs 3.2.3

xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.

5.0
2015-08-25 CVE-2015-3269 HP, Adobe Information Exposure vulnerability in multiple products

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2015-08-24 CVE-2015-6661 Drupal Information Exposure vulnerability in Drupal

Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu.

5.0
2015-08-24 CVE-2015-6524 Fedoraproject, Apache Credentials Management vulnerability in multiple products

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack.

5.0
2015-08-24 CVE-2015-6496 Netfilter, Debian Code vulnerability in multiple products

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.

5.0
2015-08-24 CVE-2015-6251 GNU, Debian Denial of Service vulnerability in GnuTLS 'common.c' Double Free

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

5.0
2015-08-24 CVE-2015-5964 Djangoproject, Canonical, Oracle Resource Management Errors vulnerability in multiple products

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

5.0
2015-08-24 CVE-2015-5963 Djangoproject, Oracle, Canonical Resource Management Errors vulnerability in multiple products

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

5.0
2015-08-27 CVE-2015-6265 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Application Control Engine 4700

The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662.

4.3
2015-08-25 CVE-2015-4020 Oracle, Rubygems Improper Input Validation vulnerability in multiple products

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.

4.3
2015-08-24 CVE-2015-6249 Oracle, Wireshark Improper Input Validation vulnerability in multiple products

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2015-08-24 CVE-2015-6248 Oracle, Wireshark Improper Input Validation vulnerability in multiple products

The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2015-08-24 CVE-2015-6247 Oracle, Wireshark Improper Input Validation vulnerability in multiple products

The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

4.3
2015-08-24 CVE-2015-6246 Oracle, Wireshark Improper Input Validation vulnerability in multiple products

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2015-08-24 CVE-2015-6245 Wireshark, Oracle Improper Input Validation vulnerability in multiple products

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

4.3
2015-08-24 CVE-2015-6244 Wireshark, Oracle Improper Input Validation vulnerability in multiple products

The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2015-08-24 CVE-2015-6243 Oracle, Wireshark Improper Input Validation vulnerability in multiple products

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.

4.3
2015-08-24 CVE-2015-6242 Oracle, Wireshark Improper Input Validation vulnerability in multiple products

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.

4.3
2015-08-24 CVE-2015-6241 Wireshark, Oracle Improper Input Validation vulnerability in multiple products

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2015-08-24 CVE-2015-6665 Fedoraproject, Drupal, Chaos Tool Suite Project Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.

4.3
2015-08-24 CVE-2015-6663 SAP Cross-Site Scripting vulnerability in SAP Afaria 7.0

Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669.

4.3
2015-08-24 CVE-2015-6658 Drupal Cross-Site Scripting vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.

4.3
2015-08-24 CVE-2015-0298 Redhat Cross-Site Scripting vulnerability in Redhat MOD Cluster 1.3.1

Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.

4.3
2015-08-30 CVE-2015-3966 Innominate Improper Input Validation vulnerability in Innominate Mguard Firmware

The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.

4.0
2015-08-27 CVE-2015-5433 HP Unspecified vulnerability in HP Virtual Connect Enterprise Manager SDK 7.4.0

HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2015-08-27 CVE-2015-5403 HP Information Exposure vulnerability in HP Systems Insight Manager

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139.

4.0
2015-08-27 CVE-2015-2139 HP Information Exposure vulnerability in HP Systems Insight Manager

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.

4.0
2015-08-26 CVE-2015-3221 Openstack Improper Input Validation vulnerability in Openstack Neutron

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

4.0
2015-08-26 CVE-2015-3158 Picketlink Permissions, Privileges, and Access Controls vulnerability in Picketlink 2.7.0

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

4.0
2015-08-26 CVE-2015-5413 HP Permissions, Privileges, and Access Controls vulnerability in HP Version Control Repository Manager

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors.

4.0
2015-08-26 CVE-2015-6261 Cisco Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-08-24 CVE-2014-8987 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986.

3.5
2015-08-26 CVE-2015-3239 Libunwind Project Numeric Errors vulnerability in Libunwind Project Libunwind 1.1

Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.

3.3
2015-08-28 CVE-2015-2987 Type74 Code vulnerability in Type74 ED

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.

2.6
2015-08-26 CVE-2015-4037 Qemu Code vulnerability in Qemu

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

1.9
2015-08-24 CVE-2015-6563 Openbsd, Apple Improper Input Validation vulnerability in multiple products

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

1.9