Weekly Vulnerabilities Reports > August 31 to September 6, 2015

Overview

118 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 39 high severity vulnerabilities. This weekly summary report vulnerabilities in 84 products from 55 vendors including Linux, Google, Cisco, Ffmpeg, and Mediawiki. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".

  • 94 reported vulnerabilities are remotely exploitables.
  • 13 reported vulnerabilities have public exploit available.
  • 33 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 97 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-08-31 CVE-2015-2135 HP Unspecified vulnerability in HP Intelligent Provisioning

Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2015-09-04 CVE-2014-9605 Netsweeper Improper Authentication vulnerability in Netsweeper

WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php.

9.4
2015-09-04 CVE-2015-6259 Cisco Improper Input Validation vulnerability in Cisco products

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.

9.4
2015-09-04 CVE-2015-4544 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server 7.1/7.2

EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations.

9.0

39 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-09-03 CVE-2015-5190 Pacemaker Corosync Configuration System Project Command Injection vulnerability in Pacemaker/Corosync Configuration System Project Pacemaker/Corosync Configuration System

The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.

8.5
2015-08-31 CVE-2014-2331 Check MK Project Code Injection vulnerability in Check MK Project Check MK

Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot.

8.5
2015-09-05 CVE-2015-5722 ISC
Apple
Improper Input Validation vulnerability in multiple products

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

7.8
2015-09-04 CVE-2015-6812 Invisionpower
Invisioncommunity
Resource Management Errors vulnerability in Invisioncommunity Invision Power Board

Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.

7.8
2015-08-31 CVE-2015-6272 Cisco Resource Management Errors vulnerability in Cisco IOS XE

Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07094, and CSCsw93064.

7.8
2015-08-31 CVE-2015-6271 Cisco Resource Management Errors vulnerability in Cisco IOS XE

Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta77008.

7.8
2015-08-31 CVE-2015-6270 Cisco Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.

7.8
2015-08-31 CVE-2015-6269 Cisco Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.

7.8
2015-08-31 CVE-2015-5364 Linux
Redhat
Resource Management Errors vulnerability in Linux Kernel

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.

7.8
2015-09-06 CVE-2015-6826 Canonical
Ffmpeg
Improper Input Validation vulnerability in multiple products

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.

7.5
2015-09-06 CVE-2015-6825 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.

7.5
2015-09-06 CVE-2015-6824 Ffmpeg
Canonical
Improper Input Validation vulnerability in multiple products

The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.

7.5
2015-09-06 CVE-2015-6823 Ffmpeg Code vulnerability in Ffmpeg

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.

7.5
2015-09-06 CVE-2015-6822 Ffmpeg Code vulnerability in Ffmpeg

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.

7.5
2015-09-06 CVE-2015-6821 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.

7.5
2015-09-06 CVE-2015-6820 Ffmpeg
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.

7.5
2015-09-06 CVE-2015-6819 Ffmpeg Numeric Errors vulnerability in Ffmpeg

Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

7.5
2015-09-06 CVE-2015-6818 Ffmpeg
Canonical
Code vulnerability in multiple products

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.

7.5
2015-09-04 CVE-2015-6811 Cyberoam SQL Injection vulnerability in Cyberoam Cyberoamos 10.6.2

SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.

7.5
2015-09-04 CVE-2015-4538 EMC XML External Entity Injection vulnerability in EMC Atmos 2.2.3/2.3.0

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

7.5
2015-09-03 CVE-2015-6581 Google Heap Memory Corruption vulnerability in OpenJPEG

Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.

7.5
2015-09-03 CVE-2015-6580 Google Unspecified vulnerability in Google Chrome and V8

Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2015-09-03 CVE-2015-1301 Google Unspecified vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2015-09-03 CVE-2015-1299 Google Unspecified vulnerability in Google Chrome

Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp.

7.5
2015-09-03 CVE-2015-1297 Google 7PK - Security Features vulnerability in Google Chrome

The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.

7.5
2015-09-03 CVE-2015-1295 Google Unspecified vulnerability in Google Chrome

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.

7.5
2015-09-03 CVE-2015-1294 Google Unspecified vulnerability in Google Chrome

Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.

7.5
2015-09-03 CVE-2015-1293 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

7.5
2015-09-02 CVE-2015-3308 GNU
Canonical
Denial of Service vulnerability in GnuTLS 'x509_ext.c' Use After Free

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

7.5
2015-09-01 CVE-2015-6728 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

7.5
2015-09-01 CVE-2015-6520 Ippusbxd Project Permissions, Privileges, and Access Controls vulnerability in Ippusbxd Project Ippusbxd 1.21.2

IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request.

7.5
2015-08-31 CVE-2015-6750 Ricoh Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ricoh Dl-1 Sr10

Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command.

7.5
2015-09-03 CVE-2015-5737 Fortinet Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.

7.2
2015-09-03 CVE-2015-5736 Fortinet Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.

7.2
2015-09-03 CVE-2015-5735 Fortinet Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.

7.2
2015-08-31 CVE-2015-4036 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call.

7.2
2015-08-31 CVE-2015-5157 Redhat
Linux
Permissions, Privileges, and Access Controls vulnerability in multiple products

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.

7.2
2015-08-31 CVE-2015-3290 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.

7.2
2015-09-05 CVE-2015-5986 ISC
Apple
Improper Input Validation vulnerability in multiple products

openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.

7.1

58 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-09-02 CVE-2015-4330 Cisco OS Command Injection vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2

A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

6.9
2015-08-31 CVE-2015-3214 Qemu
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

6.9
2015-09-05 CVE-2015-2991 Nscripter Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nscripter Project Nscripter

Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data.

6.8
2015-09-03 CVE-2015-6582 Google 7PK - Security Features vulnerability in Google Chrome

The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site.

6.8
2015-09-03 CVE-2015-6545 Webgroupmedia Cross-Site Request Forgery (CSRF) vulnerability in Webgroupmedia Cerb

Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.

6.8
2015-08-31 CVE-2015-6655 Pligg Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2

Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.

6.8
2015-08-31 CVE-2014-2330 Check MK Project Cross-Site Request Forgery (CSRF) vulnerability in Check MK Project Check MK

Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.

6.8
2015-08-31 CVE-2015-6743 Basware Credentials Management vulnerability in Basware Banking

Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

6.5
2015-08-31 CVE-2015-6742 Basware Credentials Management vulnerability in Basware Banking

Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

6.5
2015-09-03 CVE-2015-1291 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements.

6.4
2015-09-02 CVE-2015-6277 Cisco Resource Management Errors vulnerability in Cisco products

The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.

6.1
2015-08-31 CVE-2015-0943 Basware Information Exposure vulnerability in Basware Banking

Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream.

5.8
2015-08-31 CVE-2015-5717 Siemens Cryptographic Issues vulnerability in Siemens Compas 1.5

The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2015-08-31 CVE-2014-2332 Check MK Project Improper Input Validation vulnerability in Check MK Project Check MK

Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

5.5
2015-09-05 CVE-2015-6276 Cisco Information Exposure vulnerability in Cisco Telepresence System Software IX 8.0.3

Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501.

5.0
2015-09-04 CVE-2015-5688 Geddyjs Path Traversal vulnerability in Geddyjs Geddy 13.0.7

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

5.0
2015-09-03 CVE-2015-1300 Google 7PK - Security Features vulnerability in Google Chrome

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.

5.0
2015-09-03 CVE-2015-1296 Google 7PK - Security Features vulnerability in Google Chrome

The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.

5.0
2015-09-03 CVE-2015-1292 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.

5.0
2015-09-02 CVE-2015-6274 Cisco Buffer Errors vulnerability in Cisco ASR 1000 Series Software 15.5(3)S

The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.

5.0
2015-09-01 CVE-2015-6736 Quiz Project Code vulnerability in Quiz Project Quiz

The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.

5.0
2015-09-01 CVE-2015-6735 Timedmediahandler Project Code vulnerability in Timedmediahandler Project Timedmediahandler

The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.

5.0
2015-09-01 CVE-2015-6733 Mediawiki Resource Management Errors vulnerability in Mediawiki

GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

5.0
2015-09-01 CVE-2015-6727 Mediawiki
Canonical
Information Exposure vulnerability in multiple products

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

5.0
2015-09-01 CVE-2013-7444 Mediawiki Information Exposure vulnerability in Mediawiki

The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

5.0
2015-08-31 CVE-2015-6747 Basware Information Exposure vulnerability in Basware Banking

Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors.

5.0
2015-08-31 CVE-2015-5366 Linux
Redhat
Resource Management Errors vulnerability in Linux Kernel

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.

5.0
2015-09-03 CVE-2015-5189 Pacemaker Corosync Configuration System Project Race Condition vulnerability in Pacemaker/Corosync Configuration System Project Pacemaker/Corosync Configuration System

Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.

4.9
2015-08-31 CVE-2015-6526 Linux Resource Management Errors vulnerability in Linux Kernel

The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.

4.9
2015-08-31 CVE-2015-4700 Linux Code vulnerability in Linux Kernel

The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.

4.9
2015-08-31 CVE-2015-3212 Linux Race Condition vulnerability in Linux Kernel

Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.

4.9
2015-08-31 CVE-2015-1333 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.

4.9
2015-08-31 CVE-2014-9730 Linux Local Denial of Service vulnerability in Linux Kernel UDF File System

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

4.9
2015-08-31 CVE-2014-9729 Linux Local Denial of Service vulnerability in Linux Kernel UDF File System

The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

4.9
2015-08-31 CVE-2014-9728 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

4.9
2015-08-31 CVE-2015-6745 Basware Permissions, Privileges, and Access Controls vulnerability in Basware Banking

Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table.

4.6
2015-08-31 CVE-2015-5706 Linux
Canonical
Debian
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation.

4.6
2015-09-05 CVE-2015-2986 Rakuto Cross-Site Scripting vulnerability in Rakuto Rktsns2 0.2.2B

Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-09-05 CVE-2015-2985 Guide Park Cross-Site Scripting vulnerability in Guide-Park BBS X102 1.03

Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-09-04 CVE-2015-6809 Bedita Cross-Site Scripting vulnerability in Bedita

Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.

4.3
2015-09-04 CVE-2015-5612 Octobercms Cross-Site Scripting vulnerability in Octobercms October

Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

4.3
2015-09-03 CVE-2015-6583 Google 7PK - Security Features vulnerability in Google Chrome

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc.

4.3
2015-09-03 CVE-2015-1298 Google 7PK - Security Features vulnerability in Google Chrome

The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled.

4.3
2015-09-03 CVE-2015-4552 Mybb Cross-Site Scripting vulnerability in Mybb

Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.

4.3
2015-09-03 CVE-2015-6506 Bestpractical Cross-Site Scripting vulnerability in Bestpractical Request Tracker

Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.

4.3
2015-09-01 CVE-2015-6737 Widgets Project Cross-Site Scripting vulnerability in Widgets Project Widgets

Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.

4.3
2015-09-01 CVE-2015-6734 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-09-01 CVE-2015-6732 Semanticforms Project Cross-Site Scripting vulnerability in Semanticforms Project Semanticforms

Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field in a form, or a (3) Field name in a template.

4.3
2015-09-01 CVE-2015-6731 Semanticforms Project Cross-Site Scripting vulnerability in Semanticforms Project Semanticforms

Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:CreateForm or (5) target or (6) alt_form parameter to Special:FormEdit.

4.3
2015-09-01 CVE-2015-6730 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."

4.3
2015-09-01 CVE-2015-6729 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.

4.3
2015-09-01 CVE-2015-2807 Documentcloud Cross-Site Scripting vulnerability in Documentcloud Navis Documentcloud

Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.

4.3
2015-08-31 CVE-2014-6616 Softing Cross-Site Scripting vulnerability in Softing Fg-X00 Profibus Firmware 2.02.0.00

Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/.

4.3
2015-08-31 CVE-2014-3148 OK WEB Server Project Cross-Site Scripting vulnerability in OK web Server Project OK web Server

Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page.

4.3
2015-08-31 CVE-2014-2570 PHP Font LIB Project Cross-Site Scripting vulnerability in PHP Font LIB Project PHP Font LIB 0.3

Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

4.3
2015-08-31 CVE-2015-6744 Basware Unspecified vulnerability in Basware Banking

Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions.

4.3
2015-09-05 CVE-2015-2990 Neojapan Path Traversal vulnerability in Neojapan Desknet NEO

Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter.

4.0
2015-09-02 CVE-2015-6587 Openafs
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

4.0

17 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-09-04 CVE-2015-6810 Invisionpower Cross-Site Scripting vulnerability in Invisionpower Invision Power Board

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.

3.5
2015-09-04 CVE-2015-6808 Getlevelten Cross-Site Scripting vulnerability in Getlevelten Spotlight

Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.

3.5
2015-09-03 CVE-2015-1516 Polycom Cross-Site Scripting vulnerability in Polycom Realpresence Cloudaxis Suite

Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2015-09-02 CVE-2015-6805 Medhabidotcom Cross-Site Scripting vulnerability in Medhabidotcom MDC Private Message 1.0.0

Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.

3.5
2015-08-31 CVE-2015-6753 Quick Edit Project Cross-Site Scripting vulnerability in Quick Edit Project Quick Edit 7.X1.0/7.X1.1

Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title.

3.5
2015-08-31 CVE-2015-6751 Time Tracker Project Cross-Site Scripting vulnerability in Time Tracker Project Time Tracker

Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries.

3.5
2015-08-31 CVE-2015-6535 Youtube Embed Project Cross-Site Scripting vulnerability in Youtube Embed Project Youtube Embed 3.3.2

Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter).

3.5
2015-08-31 CVE-2014-2329 Check MK Project Cross-Site Scripting vulnerability in Check MK Project Check MK

Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors.

3.5
2015-09-04 CVE-2015-6807 Mass Contact Project Cross-Site Scripting vulnerability in Mass Contact Project Mass Contact

Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label.

2.1
2015-09-03 CVE-2015-6654 XEN Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0/4.5.0/4.5.1

The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest.

2.1
2015-09-03 CVE-2015-4077 Fortinet Information Exposure vulnerability in Fortinet Forticlient

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.

2.1
2015-08-31 CVE-2015-6754 Path Breadcrumbs Project Cross-Site Scripting vulnerability in Path Breadcrumbs Project Path Breadcrumbs 7.X3.0/7.X3.1/7.X3.2

Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or HTML via unspecified vectors.

2.1
2015-08-31 CVE-2015-6752 Search API Autocomplete Project Cross-Site Scripting vulnerability in Search API Autocomplete Project Search API Autocomplete 7.X1.0/7.X1.1/7.X1.2

Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions.

2.1
2015-08-31 CVE-2015-6746 Basware Information Exposure vulnerability in Basware Banking

Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors.

2.1
2015-08-31 CVE-2015-5697 Linux Information Exposure vulnerability in Linux Kernel

The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.

2.1
2015-08-31 CVE-2015-3291 Linux Code vulnerability in Linux Kernel

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.

2.1
2015-08-31 CVE-2014-9731 Linux Code vulnerability in Linux Kernel

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.

2.1