Weekly Vulnerabilities Reports > August 31 to September 6, 2015
Overview
118 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 39 high severity vulnerabilities. This weekly summary report vulnerabilities in 96 products from 57 vendors including Linux, Google, Cisco, Ffmpeg, and Mediawiki. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".
- 94 reported vulnerabilities are remotely exploitables.
- 13 reported vulnerabilities have public exploit available.
- 33 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 97 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 17 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-08-31 | CVE-2015-2135 | HP | Unspecified vulnerability in HP Intelligent Provisioning Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2015-09-04 | CVE-2014-9605 | Netsweeper | Improper Authentication vulnerability in Netsweeper WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. | 9.4 |
2015-09-04 | CVE-2015-6259 | Cisco | Improper Input Validation vulnerability in Cisco products The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. | 9.4 |
2015-09-04 | CVE-2015-4544 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server 7.1/7.2 EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. | 9.0 |
39 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-09-03 | CVE-2015-5190 | Pacemaker Corosync Configuration System Project | Command Injection vulnerability in Pacemaker/Corosync Configuration System Project Pacemaker/Corosync Configuration System The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | 8.5 |
2015-08-31 | CVE-2014-2331 | Check MK Project | Code Injection vulnerability in Check MK Project Check MK Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. | 8.5 |
2015-09-05 | CVE-2015-5722 | ISC Apple | Improper Input Validation vulnerability in multiple products buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. | 7.8 |
2015-09-04 | CVE-2015-6812 | Invisionpower Invisioncommunity | Resource Management Errors vulnerability in Invisioncommunity Invision Power Board Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. | 7.8 |
2015-08-31 | CVE-2015-6272 | Cisco | Resource Management Errors vulnerability in Cisco IOS XE Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07094, and CSCsw93064. | 7.8 |
2015-08-31 | CVE-2015-6271 | Cisco | Resource Management Errors vulnerability in Cisco IOS XE Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta77008. | 7.8 |
2015-08-31 | CVE-2015-6270 | Cisco | Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555. | 7.8 |
2015-08-31 | CVE-2015-6269 | Cisco | Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990. | 7.8 |
2015-08-31 | CVE-2015-5364 | Linux Redhat | Resource Management Errors vulnerability in Linux Kernel The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. | 7.8 |
2015-09-06 | CVE-2015-6826 | Canonical Ffmpeg | Improper Input Validation vulnerability in multiple products The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. | 7.5 |
2015-09-06 | CVE-2015-6825 | Ffmpeg | Improper Input Validation vulnerability in Ffmpeg The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. | 7.5 |
2015-09-06 | CVE-2015-6824 | Ffmpeg Canonical | Improper Input Validation vulnerability in multiple products The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. | 7.5 |
2015-09-06 | CVE-2015-6823 | Ffmpeg | Code vulnerability in Ffmpeg The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. | 7.5 |
2015-09-06 | CVE-2015-6822 | Ffmpeg | Code vulnerability in Ffmpeg The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. | 7.5 |
2015-09-06 | CVE-2015-6821 | Ffmpeg | Improper Input Validation vulnerability in Ffmpeg The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. | 7.5 |
2015-09-06 | CVE-2015-6820 | Ffmpeg Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. | 7.5 |
2015-09-06 | CVE-2015-6819 | Ffmpeg | Numeric Errors vulnerability in Ffmpeg Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. | 7.5 |
2015-09-06 | CVE-2015-6818 | Ffmpeg Canonical | Code vulnerability in multiple products The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. | 7.5 |
2015-09-04 | CVE-2015-6811 | Cyberoam | SQL Injection vulnerability in Cyberoam Cyberoamos 10.6.2 SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. | 7.5 |
2015-09-04 | CVE-2015-4538 | EMC | XML External Entity Injection vulnerability in EMC Atmos 2.2.3/2.3.0 The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.5 |
2015-09-03 | CVE-2015-6581 | Heap Memory Corruption vulnerability in OpenJPEG Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure. | 7.5 | |
2015-09-03 | CVE-2015-6580 | Unspecified vulnerability in Google Chrome and V8 Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5 | |
2015-09-03 | CVE-2015-1301 | Unspecified vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5 | |
2015-09-03 | CVE-2015-1299 | Unspecified vulnerability in Google Chrome Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp. | 7.5 | |
2015-09-03 | CVE-2015-1297 | 7PK - Security Features vulnerability in Google Chrome The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. | 7.5 | |
2015-09-03 | CVE-2015-1295 | Unspecified vulnerability in Google Chrome Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities. | 7.5 | |
2015-09-03 | CVE-2015-1294 | Unspecified vulnerability in Google Chrome Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation. | 7.5 | |
2015-09-03 | CVE-2015-1293 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 7.5 | |
2015-09-02 | CVE-2015-3308 | GNU Canonical | Denial of Service vulnerability in GnuTLS 'x509_ext.c' Use After Free Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. | 7.5 |
2015-09-01 | CVE-2015-6728 | Mediawiki | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack. | 7.5 |
2015-09-01 | CVE-2015-6520 | Ippusbxd Project | Permissions, Privileges, and Access Controls vulnerability in Ippusbxd Project Ippusbxd 1.21.2 IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. | 7.5 |
2015-08-31 | CVE-2015-6750 | Ricoh | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ricoh Dl-1 Sr10 Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command. | 7.5 |
2015-09-03 | CVE-2015-5737 | Fortinet | Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. | 7.2 |
2015-09-03 | CVE-2015-5736 | Fortinet | Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. | 7.2 |
2015-09-03 | CVE-2015-5735 | Fortinet | Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. | 7.2 |
2015-08-31 | CVE-2015-4036 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. | 7.2 |
2015-08-31 | CVE-2015-5157 | Redhat Linux | Permissions, Privileges, and Access Controls vulnerability in multiple products arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. | 7.2 |
2015-08-31 | CVE-2015-3290 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. | 7.2 |
2015-09-05 | CVE-2015-5986 | ISC Apple | Improper Input Validation vulnerability in multiple products openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. | 7.1 |
58 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-09-02 | CVE-2015-4330 | Cisco | OS Command Injection vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. | 6.9 |
2015-08-31 | CVE-2015-3214 | Qemu Linux Arista Debian Lenovo Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. | 6.9 |
2015-09-05 | CVE-2015-2991 | Nscripter Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nscripter Project Nscripter Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data. | 6.8 |
2015-09-03 | CVE-2015-6582 | 7PK - Security Features vulnerability in Google Chrome The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site. | 6.8 | |
2015-09-03 | CVE-2015-6545 | Webgroupmedia | Cross-Site Request Forgery (CSRF) vulnerability in Webgroupmedia Cerb Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action. | 6.8 |
2015-08-31 | CVE-2015-6655 | Pligg | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php. | 6.8 |
2015-08-31 | CVE-2014-2330 | Check MK Project | Cross-Site Request Forgery (CSRF) vulnerability in Check MK Project Check MK Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors. | 6.8 |
2015-08-31 | CVE-2015-6743 | Basware | Credentials Management vulnerability in Basware Banking Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | 6.5 |
2015-08-31 | CVE-2015-6742 | Basware | Credentials Management vulnerability in Basware Banking Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | 6.5 |
2015-09-03 | CVE-2015-1291 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements. | 6.4 | |
2015-09-02 | CVE-2015-6277 | Cisco | Resource Management Errors vulnerability in Cisco products The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292. | 6.1 |
2015-08-31 | CVE-2015-0943 | Basware | Information Exposure vulnerability in Basware Banking Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream. | 5.8 |
2015-08-31 | CVE-2015-5717 | Siemens | Cryptographic Issues vulnerability in Siemens Compas 1.5 The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2015-08-31 | CVE-2014-2332 | Check MK Project | Improper Input Validation vulnerability in Check MK Project Check MK Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. | 5.5 |
2015-09-05 | CVE-2015-6276 | Cisco | Information Exposure vulnerability in Cisco Telepresence System Software IX 8.0.3 Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501. | 5.0 |
2015-09-04 | CVE-2015-5688 | Geddyjs | Path Traversal vulnerability in Geddyjs Geddy 13.0.7 Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. | 5.0 |
2015-09-03 | CVE-2015-1300 | 7PK - Security Features vulnerability in Google Chrome The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. | 5.0 | |
2015-09-03 | CVE-2015-1296 | 7PK - Security Features vulnerability in Google Chrome The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages. | 5.0 | |
2015-09-03 | CVE-2015-1292 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. | 5.0 | |
2015-09-02 | CVE-2015-6274 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 1000 Series Software 15.5(3)S The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273. | 5.0 |
2015-09-01 | CVE-2015-6736 | Quiz Project | Code vulnerability in Quiz Project Quiz The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. | 5.0 |
2015-09-01 | CVE-2015-6735 | Timedmediahandler Project | Code vulnerability in Timedmediahandler Project Timedmediahandler The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode. | 5.0 |
2015-09-01 | CVE-2015-6733 | Mediawiki | Resource Management Errors vulnerability in Mediawiki GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. | 5.0 |
2015-09-01 | CVE-2015-6727 | Mediawiki Canonical | Information Exposure vulnerability in multiple products The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | 5.0 |
2015-09-01 | CVE-2013-7444 | Mediawiki | Information Exposure vulnerability in Mediawiki The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | 5.0 |
2015-08-31 | CVE-2015-6747 | Basware | Information Exposure vulnerability in Basware Banking Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. | 5.0 |
2015-08-31 | CVE-2015-5366 | Linux Redhat | Resource Management Errors vulnerability in Linux Kernel The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. | 5.0 |
2015-09-03 | CVE-2015-5189 | Pacemaker Corosync Configuration System Project | Race Condition vulnerability in Pacemaker/Corosync Configuration System Project Pacemaker/Corosync Configuration System Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. | 4.9 |
2015-08-31 | CVE-2015-6526 | Linux | Resource Management Errors vulnerability in Linux Kernel The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace. | 4.9 |
2015-08-31 | CVE-2015-4700 | Linux | Code vulnerability in Linux Kernel The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. | 4.9 |
2015-08-31 | CVE-2015-3212 | Linux | Race Condition vulnerability in Linux Kernel Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls. | 4.9 |
2015-08-31 | CVE-2015-1333 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. | 4.9 |
2015-08-31 | CVE-2014-9730 | Linux | Local Denial of Service vulnerability in Linux Kernel UDF File System The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. | 4.9 |
2015-08-31 | CVE-2014-9729 | Linux | Local Denial of Service vulnerability in Linux Kernel UDF File System The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. | 4.9 |
2015-08-31 | CVE-2014-9728 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. | 4.9 |
2015-08-31 | CVE-2015-6745 | Basware | Permissions, Privileges, and Access Controls vulnerability in Basware Banking Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. | 4.6 |
2015-08-31 | CVE-2015-5706 | Linux Canonical Debian | Use After Free vulnerability in multiple products Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. | 4.6 |
2015-09-05 | CVE-2015-2986 | Rakuto | Cross-site Scripting vulnerability in Rakuto Rktsns2 0.2.2B Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-09-05 | CVE-2015-2985 | Guide Park | Cross-site Scripting vulnerability in Guide-Park BBS X102 1.03 Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-09-04 | CVE-2015-6809 | Bedita | Cross-site Scripting vulnerability in Bedita Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection. | 4.3 |
2015-09-04 | CVE-2015-5612 | Octobercms | Cross-site Scripting vulnerability in Octobercms October Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image. | 4.3 |
2015-09-03 | CVE-2015-6583 | 7PK - Security Features vulnerability in Google Chrome Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. | 4.3 | |
2015-09-03 | CVE-2015-1298 | 7PK - Security Features vulnerability in Google Chrome The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. | 4.3 | |
2015-09-03 | CVE-2015-4552 | Mybb | Cross-site Scripting vulnerability in Mybb Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post. | 4.3 |
2015-09-03 | CVE-2015-6506 | Bestpractical | Cross-site Scripting vulnerability in Bestpractical Request Tracker Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key. | 4.3 |
2015-09-01 | CVE-2015-6737 | Widgets Project | Cross-site Scripting vulnerability in Widgets Project Widgets Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content. | 4.3 |
2015-09-01 | CVE-2015-6734 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-09-01 | CVE-2015-6732 | Semanticforms Project | Cross-site Scripting vulnerability in Semanticforms Project Semanticforms Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field in a form, or a (3) Field name in a template. | 4.3 |
2015-09-01 | CVE-2015-6731 | Semanticforms Project | Cross-site Scripting vulnerability in Semanticforms Project Semanticforms Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:CreateForm or (5) target or (6) alt_form parameter to Special:FormEdit. | 4.3 |
2015-09-01 | CVE-2015-6730 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images." | 4.3 |
2015-09-01 | CVE-2015-6729 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page. | 4.3 |
2015-09-01 | CVE-2015-2807 | Documentcloud | Cross-site Scripting vulnerability in Documentcloud Navis Documentcloud Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | 4.3 |
2015-08-31 | CVE-2014-6616 | Softing | Cross-site Scripting vulnerability in Softing Fg-X00 Profibus Firmware 2.02.0.00 Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. | 4.3 |
2015-08-31 | CVE-2014-3148 | OK WEB Server Project | Cross-site Scripting vulnerability in OK web Server Project OK web Server Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page. | 4.3 |
2015-08-31 | CVE-2014-2570 | PHP Font LIB Project | Cross-site Scripting vulnerability in PHP Font LIB Project PHP Font LIB 0.3 Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.3 |
2015-08-31 | CVE-2015-6744 | Basware | Unspecified vulnerability in Basware Banking Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. | 4.3 |
2015-09-05 | CVE-2015-2990 | Neojapan | Path Traversal vulnerability in Neojapan Desknet NEO Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter. | 4.0 |
2015-09-02 | CVE-2015-6587 | Openafs Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. | 4.0 |
17 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-09-04 | CVE-2015-6810 | Invisionpower | Cross-site Scripting vulnerability in Invisionpower Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. | 3.5 |
2015-09-04 | CVE-2015-6808 | Getlevelten | Cross-site Scripting vulnerability in Getlevelten Spotlight Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. | 3.5 |
2015-09-03 | CVE-2015-1516 | Polycom | Cross-site Scripting vulnerability in Polycom Realpresence Cloudaxis Suite Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2015-09-02 | CVE-2015-6805 | Medhabidotcom | Cross-site Scripting vulnerability in Medhabidotcom MDC Private Message 1.0.0 Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message. | 3.5 |
2015-08-31 | CVE-2015-6753 | Quick Edit Project | Cross-site Scripting vulnerability in Quick Edit Project Quick Edit 7.X1.0/7.X1.1 Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title. | 3.5 |
2015-08-31 | CVE-2015-6751 | Time Tracker Project | Cross-site Scripting vulnerability in Time Tracker Project Time Tracker Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries. | 3.5 |
2015-08-31 | CVE-2015-6535 | Youtube Embed Project | Cross-site Scripting vulnerability in Youtube Embed Project Youtube Embed 3.3.2 Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter). | 3.5 |
2015-08-31 | CVE-2014-2329 | Check MK Project | Cross-site Scripting vulnerability in Check MK Project Check MK Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors. | 3.5 |
2015-09-04 | CVE-2015-6807 | Mass Contact Project | Cross-site Scripting vulnerability in Mass Contact Project Mass Contact Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label. | 2.1 |
2015-09-03 | CVE-2015-6654 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0/4.5.0/4.5.1 The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. | 2.1 |
2015-09-03 | CVE-2015-4077 | Fortinet | Information Exposure vulnerability in Fortinet Forticlient The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call. | 2.1 |
2015-08-31 | CVE-2015-6754 | Path Breadcrumbs Project | Cross-site Scripting vulnerability in Path Breadcrumbs Project Path Breadcrumbs 7.X3.0/7.X3.1/7.X3.2 Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or HTML via unspecified vectors. | 2.1 |
2015-08-31 | CVE-2015-6752 | Search API Autocomplete Project | Cross-site Scripting vulnerability in Search API Autocomplete Project Search API Autocomplete 7.X1.0/7.X1.1/7.X1.2 Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions. | 2.1 |
2015-08-31 | CVE-2015-6746 | Basware | Information Exposure vulnerability in Basware Banking Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. | 2.1 |
2015-08-31 | CVE-2015-5697 | Linux | Information Exposure vulnerability in Linux Kernel The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. | 2.1 |
2015-08-31 | CVE-2015-3291 | Linux | Code vulnerability in Linux Kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI. | 2.1 |
2015-08-31 | CVE-2014-9731 | Linux | Code vulnerability in Linux Kernel The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c. | 2.1 |