Weekly Vulnerabilities Reports > September 14 to 20, 2015
Overview
191 new vulnerabilities were reported during this period, including 18 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary reports vulnerabilities in 116 products from 51 vendors, including Apple, Cisco, Symantec, Newphoria Corporation, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Resource Management Errors".
- 161 reported vulnerabilities are remotely exploitable.
- 9 reported vulnerabilities have a public exploit available.
- 31 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 166 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 98 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
18 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-09-18 | CVE-2015-6459 | GE | Path Traversal vulnerability in GE MDS Pulsenet: Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. | 10.0 |
2015-09-18 | CVE-2015-5911 | Apple | Security Bypass vulnerability in Apple mac OS X Server 5.0.2: Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. | 10.0 |
2015-09-18 | CVE-2015-5903 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos: The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896. | 10.0 |
2015-09-18 | CVE-2015-5895 | Sqlite Apple | Multiple Security vulnerability in Apple iOS APPLE-SA-2015-09-16-1: Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. | 10.0 |
2015-09-17 | CVE-2015-5538 | Citrix | Unspecified vulnerability in Citrix products: Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI). | 10.0 |
2015-09-14 | CVE-2015-5998 | Impero | Improper Authentication vulnerability in Impero Education PRO: Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command. | 10.0 |
2015-09-18 | CVE-2015-5876 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos: dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 9.3 |
2015-09-18 | CVE-2015-5867 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos: IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 9.3 |
2015-09-18 | CVE-2015-5846 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos: IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845. | 9.3 |
2015-09-18 | CVE-2015-5845 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos: IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846. | 9.3 |
2015-09-18 | CVE-2015-5844 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos: IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846. | 9.3 |
2015-09-15 | CVE-2015-6949 | Asus | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus Tm-1900: Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values. | 9.3 |
2015-09-15 | CVE-2015-6946 | Microfocus | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Accurev: Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit functionality. | 9.3 |
2015-09-20 | CVE-2015-4307 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Provisioning: The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111. | 9.0 |
2015-09-20 | CVE-2015-4304 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance: The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652. | 9.0 |
2015-09-18 | CVE-2015-6456 | GE | Unspecified vulnerability in GE MDS Pulsenet: GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. | 9.0 |
2015-09-16 | CVE-2014-8778 | Checkmarx | Code Injection vulnerability in Checkmarx Cxsast: Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission. | 9.0 |
2015-09-15 | CVE-2015-4947 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Http Server: Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors. | 9.0 |
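The GE MDS PulseNET entry above (CVE-2015-6459, "arbitrary files via a full pathname") and the IBS Mappro entry in the High table below (CVE-2015-5472) are the same bug class: a client-supplied file name is joined to a configured download directory with a call that discards the directory whenever the name is absolute, so no "../" is even needed. The following Python is an added illustration and is not code from either product. `download_vulnerable` reproduces the pattern; `confine` is the check a download handler needs, resolving the path before comparing it with the root. The directory layout, file names and contents are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Constructed fixture (not from the advisories): a download root holding one
# legitimate file, and a file outside that root which must never be served.
_ROOT = Path(tempfile.mkdtemp(prefix="download_root_"))
(_ROOT / "report.txt").write_text("quarterly report\n")
_OUTSIDE = Path(tempfile.mkdtemp(prefix="elsewhere_")) / "secret.txt"
_OUTSIDE.write_text("hardcoded support password\n")


def download_vulnerable(filename: str, root: Path = _ROOT) -> bytes:
    """Deliberately vulnerable, the pattern from the advisories: os.path.join()
    discards `root` entirely when `filename` is absolute, so a client that
    supplies a full pathname reads (or, with unlink(), deletes) any file the
    service account can reach."""
    return Path(os.path.join(root, filename)).read_bytes()


def confine(filename: str, root: Path = _ROOT) -> Path:
    """Return the on-disk path for `filename` only if it stays inside `root`;
    raise PermissionError otherwise."""
    root = root.resolve()
    # An absolute path is never a valid name for a file under the root.
    if os.path.isabs(filename):
        raise PermissionError("absolute paths are not allowed: %r" % filename)
    # Resolve symlinks and '..' components *before* comparing with the root;
    # comparing the unresolved string is exactly what traversal payloads beat.
    target = (root / filename).resolve()
    if target != root and root not in target.parents:
        raise PermissionError("path escapes download root: %r" % filename)
    return target


def download_fixed(filename: str, root: Path = _ROOT) -> bytes:
    target = confine(filename, root)
    if not target.is_file():
        raise FileNotFoundError(filename)
    return target.read_bytes()


def is_confined(filename: str, root: Path = _ROOT) -> bool:
    """Boolean wrapper around confine(), handy for tests and access logging."""
    try:
        confine(filename, root)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    print(download_vulnerable(str(_OUTSIDE)))     # leaks the secret
    print(download_fixed("report.txt"))
    print(is_confined(str(_OUTSIDE)), is_confined("../secret.txt"))
```

The order of the checks matters: rejecting absolute names first gives a clear error for the exact case in these advisories, and the resolve-then-compare step catches the relative "../" and symlink variants the same handler would otherwise be exposed to.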
26 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-09-20 | CVE-2015-5690 | Symantec | OS Command Injection vulnerability in Symantec web Gateway: The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect." | 8.5 |
2015-09-20 | CVE-2015-4306 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance: The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334. | 8.5 |
2015-09-20 | CVE-2015-6547 | Symantec | Command Injection vulnerability in Symantec web Gateway: The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. | 8.3 |
2015-09-20 | CVE-2015-5693 | Symantec | Code Injection vulnerability in Symantec web Gateway: The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture." | 7.9 |
2015-09-20 | CVE-2015-5692 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway: admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | 7.9 |
2015-09-20 | CVE-2015-6284 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Telepresence Server Software: Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277. | 7.8 |
2015-09-15 | CVE-2015-5472 | IBS Mappro Project | Path Traversal vulnerability in IBS Mappro Project IBS Mappro 0.6: Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | 7.8 |
2015-09-14 | CVE-2015-1943 | IBM | Resource Management Errors vulnerability in IBM Websphere Portal: IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. | 7.8 |
2015-09-14 | CVE-2015-5997 | Impero | Unspecified vulnerability in Impero Education PRO: Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data. | 7.8 |
2015-09-18 | CVE-2015-7243 | Boxoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Boxoft WAV TO MP3 Converter: Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file. | 7.5 |
2015-09-18 | CVE-2015-7239 | SAP | SQL Injection vulnerability in SAP Netweaver J2Ee Engine 7.40: SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2015-09-18 | CVE-2015-5874 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products: CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 7.5 |
2015-09-17 | CVE-2015-7235 | CP Reservation Calendar Project | SQL Injection vulnerability in CP Reservation Calendar Project CP Reservation Calendar: Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. | 7.5 |
2015-09-17 | CVE-2015-6962 | Teiko | SQL Injection vulnerability in Teiko Farol: SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. | 7.5 |
2015-09-16 | CVE-2015-1173 | Unit4 | Improper Access Control vulnerability in Unit4 Teta web: Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters." | 7.5 |
2015-09-16 | CVE-2015-6829 | Ciphercoin | SQL Injection vulnerability in Ciphercoin WP Limit Login Attempts 1.0/2.0: Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header. | 7.5 |
2015-09-14 | CVE-2015-4499 | Mozilla | Improper Input Validation vulnerability in Mozilla Bugzilla: Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. | 7.5 |
2015-09-18 | CVE-2015-6296 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Network Registrar 8.1.3.3/8.2.3/8.3.2: Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825. | 7.2 |
2015-09-18 | CVE-2015-5899 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos: libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 7.2 |
2015-09-18 | CVE-2015-5896 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos: The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903. | 7.2 |
2015-09-18 | CVE-2015-5882 | Apple | Improper Access Control vulnerability in Apple Iphone OS, mac OS X and Watchos: The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges. | 7.2 |
2015-09-18 | CVE-2015-5868 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos: The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903. | 7.2 |
2015-09-18 | CVE-2015-5848 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos: IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 7.2 |
2015-09-18 | CVE-2015-5847 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos: The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 7.2 |
2015-09-18 | CVE-2015-5843 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos: IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 7.2 |
2015-09-16 | CVE-2015-5465 | SIS | Memory Corruption vulnerability in SIS Windows VGA Display Manager 6.14.10.3930: Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call. | 7.2 |
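The WP Limit Login Attempts entry above (CVE-2015-6829) is worth a closer look because the injection source is an HTTP header rather than a form field: the plugin's getip function took X-Forwarded-For or Client-IP at face value and used the value in SQL. Any client can send those headers, so a login rate limiter keyed on that "IP" can be both injected into and trivially bypassed. The following Python is an added model of that pattern and is not the plugin's code. It uses an in-memory SQLite table; the limiter logic, the trusted-proxy address and the attacker header are constructed for the demonstration.

```python
import ipaddress
import sqlite3

# Constructed model (not the plugin's code): a login rate limiter keyed on
# the client IP, where the IP is read from a proxy header any client can set.
MAX_ATTEMPTS = 3

# Constructed attacker header: closes the quoted literal and appends a
# condition that is always false, so the lockout count is always 0.
PAYLOAD_HEADERS = {"X-Forwarded-For": "1.2.3.4' AND '0'='1"}


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE attempts (ip TEXT NOT NULL)")
    return db


def client_ip_vulnerable(headers, remote_addr):
    """Deliberately vulnerable getip(): the first header present wins, with
    no check that the value is even an IP address."""
    return (headers.get("X-Forwarded-For")
            or headers.get("Client-IP")
            or remote_addr)


def is_locked_out_vulnerable(db, ip):
    # Deliberately vulnerable: the 'IP' is interpolated straight into SQL.
    (n,) = db.execute(
        "SELECT COUNT(*) FROM attempts WHERE ip = '%s'" % ip).fetchone()
    return n >= MAX_ATTEMPTS


def record_attempt_vulnerable(db, ip):
    db.execute("INSERT INTO attempts (ip) VALUES ('%s')" % ip)


def client_ip_fixed(headers, remote_addr, trusted_proxies=frozenset()):
    """Honour X-Forwarded-For only when the TCP peer is one of our own
    proxies, and only if the value parses as an IP address; otherwise the
    socket address is the client."""
    candidate = remote_addr
    if remote_addr in trusted_proxies and headers.get("X-Forwarded-For"):
        # Leftmost entry is the original client as seen by the first proxy.
        candidate = headers["X-Forwarded-For"].split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return remote_addr


def is_locked_out_fixed(db, ip):
    # Parameterised query: the value can never change the statement's shape.
    (n,) = db.execute(
        "SELECT COUNT(*) FROM attempts WHERE ip = ?", (ip,)).fetchone()
    return n >= MAX_ATTEMPTS


def record_attempt_fixed(db, ip):
    db.execute("INSERT INTO attempts (ip) VALUES (?)", (ip,))


def simulate(vulnerable, headers, remote_addr="203.0.113.7", tries=5):
    """Run `tries` failed logins from one client and return how many the
    limiter let through. Anything above MAX_ATTEMPTS means it was bypassed."""
    db = make_db()
    allowed = 0
    for _ in range(tries):
        if vulnerable:
            ip = client_ip_vulnerable(headers, remote_addr)
            if is_locked_out_vulnerable(db, ip):
                continue
            record_attempt_vulnerable(db, ip)
        else:
            ip = client_ip_fixed(headers, remote_addr, {"10.0.0.1"})
            if is_locked_out_fixed(db, ip):
                continue
            record_attempt_fixed(db, ip)
        allowed += 1
    return allowed


if __name__ == "__main__":
    print(simulate(True, {}), simulate(True, PAYLOAD_HEADERS),
          simulate(False, PAYLOAD_HEADERS))
```

Two independent fixes are shown because both are needed: parameterising the query removes the injection, and validating the header value (and trusting it only from a known proxy) removes the bypass that a syntactically clean spoofed address would still give an attacker.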
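The Bugzilla entry above (CVE-2015-4499) describes a validate-then-truncate bug: the registration address is checked at full length, but the stored login is cut to the column width, and group membership is then decided from the stored value. An attacker who controls example.com pads the local part so the cut lands exactly after "@mozilla.com", receives the confirmation mail at the full address, and ends up with the defaults granted to that domain. The following Python is an added model of that mechanism and is not Bugzilla's code; the column width, the group policy and the address pattern are constructed assumptions for the demonstration.

```python
import re

# Constructed model of the advisory's mechanism (not Bugzilla's code).
# Assumptions: the login column holds at most MAX_LOGIN_LEN characters, and
# default group membership is decided by a regexp over the *stored* login.
MAX_LOGIN_LEN = 255
DEFAULT_GROUPS = {
    "mozilla-staff": re.compile(r"^.*@mozilla\.com$"),
}

# Syntactic address check only; it is applied to the full-length string.
_ADDR_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def groups_for(stored_login):
    """Groups granted automatically from the login as it ended up in the DB."""
    return {name for name, rx in DEFAULT_GROUPS.items() if rx.match(stored_login)}


def register_vulnerable(login):
    """Deliberately vulnerable: validates the address at full length, then
    silently truncates it to the column width on insert."""
    if not _ADDR_RE.match(login):
        raise ValueError("malformed address")
    return login[:MAX_LOGIN_LEN]


def register_fixed(login):
    """Length is enforced before anything else, so the validated string and
    the stored string are always identical."""
    if len(login) > MAX_LOGIN_LEN:
        raise ValueError("address longer than %d characters" % MAX_LOGIN_LEN)
    if not _ADDR_RE.match(login):
        raise ValueError("malformed address")
    return login


def forge_address(target_domain="mozilla.com", attacker_domain="example.com"):
    """Build the address from the advisory: pad the local part so that the
    truncation point falls exactly after '@' + target_domain. Mail for the
    full address still goes to attacker_domain, so confirmation succeeds."""
    suffix = "@" + target_domain
    local_part = "a" * (MAX_LOGIN_LEN - len(suffix))
    return local_part + suffix + "." + attacker_domain


if __name__ == "__main__":
    forged = forge_address()
    print(len(forged), groups_for(register_vulnerable(forged)))
    try:
        register_fixed(forged)
    except ValueError as e:
        print("fixed:", e)
```

The general lesson is that any check performed on input must be performed on the exact bytes that get stored or acted on; a length limit applied after validation, or a database column that truncates silently, turns a passed check into a different value.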
129 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-09-18 | CVE-2014-8611 | Apple Freebsd | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. | 6.9 |
2015-09-20 | CVE-2015-5689 | Symantec | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Deployment Solution and Ghost Solutions Suite: ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image. | 6.8 |
2015-09-20 | CVE-2015-5637 | Newphoria Corporation | Permissions, Privileges, and Access Controls vulnerability in Newphoria Corporation 1.1: The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 6.8 |
2015-09-20 | CVE-2015-5636 | Newphoria Corporation | Permissions, Privileges, and Access Controls vulnerability in Newphoria Corporation Reversi: The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 6.8 |
2015-09-20 | CVE-2015-5635 | Newphoria Corporation | Permissions, Privileges, and Access Controls vulnerability in Newphoria Corporation Koritore: The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 6.8 |
2015-09-20 | CVE-2015-5634 | Newphoria Corporation | Permissions, Privileges, and Access Controls vulnerability in Newphoria Corporation Megaphone Music: The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 6.8 |
2015-09-20 | CVE-2015-5633 | Newphoria Corporation | Permissions, Privileges, and Access Controls vulnerability in Newphoria Corporation Auction Camera: The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | 6.8 |
2015-09-20 | CVE-2015-5632 | Newphoria Corporation | Permissions, Privileges, and Access Controls vulnerability in Newphoria Corporation Applican: The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors. | 6.8 |
2015-09-18 | CVE-2015-5829 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos: Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file. | 6.8 |
2015-09-18 | CVE-2015-5823 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5822 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5821 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5819 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5818 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5817 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5816 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5815 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Safari: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5814 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5813 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5812 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5811 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5810 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5809 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5808 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Safari: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5807 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5806 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5805 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5804 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5803 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5802 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5801 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5800 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5799 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5798 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Safari: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5797 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5796 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5795 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5794 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5793 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5792 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5791 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5790 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-18 | CVE-2015-5789 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | 6.8 |
2015-09-16 | CVE-2015-6973 | Igniterealtime | Cross-Site Request Forgery (CSRF) vulnerability in Igniterealtime Openfire 3.10.2 Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp. | 6.8 |
2015-09-16 | CVE-2015-6966 | Nibbleblog | Cross-Site Request Forgery (CSRF) vulnerability in Nibbleblog 4.0.1 Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php. | 6.8 |
2015-09-16 | CVE-2015-6965 | Creative Solutions | Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Contact Form Generator Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php. | 6.8 |
2015-09-16 | CVE-2015-6828 | Securemoz | Improper Input Validation vulnerability in Securemoz Security Audit The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. | 6.8 |
2015-09-15 | CVE-2015-6948 | Corel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Corel Wordperfect Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document. | 6.8 |
2015-09-15 | CVE-2015-6944 | JSP Mysql Administrador WEB Project | Cross-Site Request Forgery (CSRF) vulnerability in Jsp/Mysql Administrador web Project Jsp/Mysql Administrador web 1.0 Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp. | 6.8 |
2015-09-20 | CVE-2014-9229 | Symantec | SQL Injection vulnerability in Symantec Endpoint Protection Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | 6.5 |
2015-09-20 | CVE-2015-6299 | Cisco | SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2) SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. | 6.5 |
2015-09-16 | CVE-2015-6968 | S9Y | Unspecified vulnerability in S9Y Serendipity Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension. | 6.5 |
2015-09-16 | CVE-2015-6967 | Nibbleblog | Unspecified vulnerability in Nibbleblog 4.0.1 Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php. | 6.5 |
2015-09-16 | CVE-2015-3623 | Qlik | Unspecified vulnerability in Qlik Qlikview XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx. | 6.4 |
2015-09-14 | CVE-2015-6285 | Cisco | Use of Externally-Controlled Format String vulnerability in Cisco Email Security Appliance 7.6.0/8.0.0 Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. | 6.4 |
2015-09-18 | CVE-2015-6294 | Cisco | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770. | 6.1 |
2015-09-15 | CVE-2015-6943 | S9Y | SQL Injection vulnerability in S9Y Serendipity SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. | 6.0 |
2015-09-20 | CVE-2015-6548 | Symantec | SQL Injection vulnerability in Symantec web Gateway Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 5.8 |
2015-09-18 | CVE-2015-6932 | Vmware | Cryptographic Issues vulnerability in VMWare Vcenter Server 5.5/6.0 VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2015-09-14 | CVE-2015-6286 | Cisco | Resource Management Errors vulnerability in Cisco Application Visibility and Control 15.3(3)Ja Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016. | 5.7 |
2015-09-17 | CVE-2015-7233 | Structured Dynamics | Cross-Site Request Forgery (CSRF) vulnerability in Structured Dynamics Open Semantic Framework 7.X3.0/7.X3.X Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors. | 5.1 |
2015-09-20 | CVE-2015-6301 | Cisco | Resource Management Errors vulnerability in Cisco products The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171. | 5.0 |
2015-09-18 | CVE-2015-6297 | Cisco | Resource Management Errors vulnerability in Cisco IOS XR 5.2.0Base The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. | 5.0 |
2015-09-18 | CVE-2015-3962 | Schneider Electric | Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Building Expert Multi-Purpose Management Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. | 5.0 |
2015-09-18 | CVE-2015-7237 | Mcafee | Path Traversal vulnerability in Mcafee Agent 5.0.0/5.0.1 Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2015-09-18 | CVE-2015-4638 | F5 | Improper Input Validation vulnerability in F5 products The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet. | 5.0 |
2015-09-18 | CVE-2015-5912 | Apple | Code vulnerability in Apple Iphone OS and mac OS X The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. | 5.0 |
2015-09-18 | CVE-2015-5909 | Apple | Information Exposure vulnerability in Apple Xcode IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery. | 5.0 |
2015-09-18 | CVE-2015-5906 | Apple | Information Exposure vulnerability in Apple Iphone OS The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | 5.0 |
2015-09-18 | CVE-2015-5905 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. | 5.0 |
2015-09-18 | CVE-2015-5885 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Watchos The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. | 5.0 |
2015-09-18 | CVE-2015-5879 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and mac OS X XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. | 5.0 |
2015-09-18 | CVE-2015-5860 | Apple | Information Exposure vulnerability in Apple Iphone OS and Watchos The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site. | 5.0 |
2015-09-18 | CVE-2015-5858 | Apple | Information Exposure vulnerability in Apple Iphone OS and Watchos The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. | 5.0 |
2015-09-18 | CVE-2015-5857 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. | 5.0 |
2015-09-18 | CVE-2015-5841 | Apple | Injection vulnerability in Apple Iphone OS, mac OS X and Watchos The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. | 5.0 |
2015-09-18 | CVE-2015-5840 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. | 5.0 |
2015-09-18 | CVE-2015-5839 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS, mac OS X and Watchos dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. | 5.0 |
2015-09-18 | CVE-2015-5831 | Apple | Information Exposure vulnerability in Apple Iphone OS and mac OS X NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. | 5.0 |
2015-09-18 | CVE-2015-5827 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. | 5.0 |
2015-09-18 | CVE-2015-3801 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Safari The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | 5.0 |
2015-09-17 | CVE-2015-7231 | Drupalcommerce | Improper Input Validation vulnerability in Drupalcommerce Commerce Commonwealth The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb." | 5.0 |
2015-09-17 | CVE-2015-7228 | Restful Project | Access Bypass vulnerability in Restful Project Restful 7.X1.0/7.X1.1/7.X1.2 The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2015-09-17 | CVE-2015-7226 | Administration Views Project | Information Exposure vulnerability in Administration Views Project Administration Views The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler. | 5.0 |
2015-09-14 | CVE-2014-9745 | Freetype Debian Canonical Opensuse | Resource Management Errors vulnerability in multiple products The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. | 5.0 |
2015-09-14 | CVE-2015-6830 | Phpmyadmin | Information Exposure vulnerability in PHPmyadmin libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. | 5.0 |
2015-09-14 | CVE-2015-6288 | Cisco | Resource Management Errors vulnerability in Cisco Content Security Management Appliance 7.8Base Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620. | 5.0 |
2015-09-14 | CVE-2015-6287 | Cisco | Resource Management Errors vulnerability in Cisco web Security Virtual Appliance 8.0.5/8.0.6/8.0Base Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907. | 5.0 |
2015-09-14 | CVE-2015-2013 | IBM | Resource Management Errors vulnerability in IBM Websphere MQ IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call. | 5.0 |
2015-09-20 | CVE-2014-9228 | Symantec | Resource Management Errors vulnerability in Symantec Endpoint Protection sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition. | 4.9 |
2015-09-16 | CVE-2015-5440 | HP | Information Exposure vulnerability in HP Universal Configuration Management Database HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. | 4.9 |
2015-09-20 | CVE-2015-6295 | Cisco | Resource Management Errors vulnerability in Cisco Nx-Os 6.1(2)I3(4)/7.0(3)I1(1) Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. | 4.8 |
2015-09-16 | CVE-2015-5426 | HP | Local Code Execution vulnerability in HP LoadRunner Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. | 4.6 |
2015-09-20 | CVE-2014-9227 | Symantec | DLL Loading Local Privilege Escalation vulnerability in Symantec Endpoint Protection Manager and Client Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 4.4 |
2015-09-20 | CVE-2015-5691 | Symantec | Cross-site Scripting vulnerability in Symantec web Gateway Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by an attack against admin_messages.php. | 4.3 |
2015-09-20 | CVE-2015-5638 | Dena | Path Traversal vulnerability in Dena H20 Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. | 4.3 |
2015-09-18 | CVE-2015-6939 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-09-18 | CVE-2015-5921 | Apple | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 4.3 |
2015-09-18 | CVE-2015-5920 | Apple | Information Disclosure vulnerability in Apple iTunes The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors. | 4.3 |
2015-09-18 | CVE-2015-5916 | Apple | Information Exposure vulnerability in Apple Iphone OS and Watchos The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. | 4.3 |
2015-09-18 | CVE-2015-5904 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. | 4.3 |
2015-09-18 | CVE-2015-5880 | Apple | Information Exposure vulnerability in Apple Iphone OS CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. | 4.3 |
2015-09-18 | CVE-2015-5862 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. | 4.3 |
2015-09-18 | CVE-2015-5856 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. | 4.3 |
2015-09-18 | CVE-2015-5855 | Apple | Information Exposure vulnerability in Apple Iphone OS and Watchos Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. | 4.3 |
2015-09-18 | CVE-2015-5838 | Apple | Improper Access Control vulnerability in Apple Iphone OS SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. | 4.3 |
2015-09-18 | CVE-2015-5837 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Watchos PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. | 4.3 |
2015-09-18 | CVE-2015-5835 | Apple | Information Exposure vulnerability in Apple Iphone OS Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. | 4.3 |
2015-09-18 | CVE-2015-5834 | Apple | Information Exposure vulnerability in Apple Iphone OS and Watchos IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 4.3 |
2015-09-18 | CVE-2015-5826 | Apple | Improper Access Control vulnerability in Apple Iphone OS and Safari WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 4.3 |
2015-09-18 | CVE-2015-5825 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. | 4.3 |
2015-09-18 | CVE-2015-5824 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Watchos The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 4.3 |
2015-09-18 | CVE-2015-5820 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. | 4.3 |
2015-09-18 | CVE-2015-5788 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. | 4.3 |
2015-09-18 | CVE-2015-5767 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. | 4.3 |
2015-09-18 | CVE-2015-5765 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. | 4.3 |
2015-09-18 | CVE-2015-5764 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. | 4.3 |
2015-09-17 | CVE-2015-6672 | Citrix | Cross-site Scripting vulnerability in Citrix products Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-09-16 | CVE-2015-6972 | Igniterealtime | Cross-site Scripting vulnerability in Igniterealtime Openfire 3.10.2 Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp. | 4.3 |
2015-09-16 | CVE-2015-6929 | Nokia | Cross-site Scripting vulnerability in Nokia @Vantage Commander Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to cftraces/filter/fl_copy.jsp; the (3) flName parameter to cftraces/filter/fl_crea1.jsp; the (4) serchStatus, (5) refreshTime, or (6) serchNode parameter to cftraces/process/pr_show_process.jsp; the (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, or (11) serchSessionkind parameter to cftraces/session/se_crea.jsp; the (12) serchSessionDescription parameter to cftraces/session/se_show.jsp; the (13) serchApplication or (14) serchApplicationkind parameter to cftraces/session/tr_crea_filter.jsp; the (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, or (26) component parameter to cftraces/session/tr_create_tagg_para.jsp; or the (27) userid parameter to home/certificate_association.jsp. | 4.3 |
2015-09-16 | CVE-2015-6969 | S9Y | Cross-site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link. | 4.3 |
2015-09-15 | CVE-2015-6945 | JSP Mysql Administrador WEB Project | Cross-site Scripting vulnerability in Jsp/Mysql Administrador web Project Jsp/Mysql Administrador web 1.0 Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp. | 4.3 |
2015-09-14 | CVE-2015-6290 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco web Security Virtual Appliance Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. | 4.3 |
2015-09-20 | CVE-2015-6300 | Cisco | Improper Input Validation vulnerability in Cisco Secure Access Control Server 5.7.0.15 Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. | 4.0 |
2015-09-20 | CVE-2015-4305 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. | 4.0 |
2015-09-17 | CVE-2015-7234 | Structured Dynamics | Improper Input Validation vulnerability in Structured Dynamics Open Semantic Framework 7.X3.0/7.X3.X The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. | 4.0 |
2015-09-17 | CVE-2015-4040 | F5 | Path Traversal vulnerability in F5 products Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. | 4.0 |
2015-09-16 | CVE-2015-2136 | HP | Information Exposure vulnerability in HP Arcsight Logger 5.2/5.3/6.0 HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. | 4.0 |
2015-09-14 | CVE-2015-4980 | IBM | Information Exposure vulnerability in IBM Websphere Commerce Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. | 4.0 |
18 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-09-17 | CVE-2015-7230 | Workbench Email Project | Permissions, Privileges, and Access Controls vulnerability in Workbench Email Project Workbench Email The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node. | 3.5 |
2015-09-17 | CVE-2015-7229 | Twitter Project | Permissions, Privileges, and Access Controls vulnerability in Twitter Project Twitter The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission. | 3.5 |
2015-09-17 | CVE-2015-7227 | Fieldable Panels Panes Project | Permissions, Privileges, and Access Controls vulnerability in Fieldable Panels Panes Project Fieldable Panels Panes The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels. | 3.5 |
2015-09-16 | CVE-2015-5956 | Typo3 | Cross-site Scripting vulnerability in Typo3 The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. | 3.5 |
2015-09-18 | CVE-2015-5910 | Apple | Information Exposure vulnerability in Apple Xcode IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. | 3.3 |
2015-09-18 | CVE-2015-5869 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | 3.3 |
2015-09-18 | CVE-2015-5907 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. | 2.6 |
2015-09-17 | CVE-2015-7232 | Structured Dynamics | Cross-site Scripting vulnerability in Structured Dynamics Open Semantic Framework 7.X3.0/7.X3.X Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2015-09-18 | CVE-2015-7238 | Mcafee | Permissions, Privileges, and Access Controls vulnerability in Mcafee Threat Intelligence Exchange The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files. | 2.1 |
2015-09-18 | CVE-2015-5898 | Apple | Information Exposure vulnerability in Apple Iphone OS and Watchos CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | 2.1 |
2015-09-18 | CVE-2015-5892 | Apple | Information Exposure vulnerability in Apple Iphone OS Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | 2.1 |
2015-09-18 | CVE-2015-5863 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Watchos IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. | 2.1 |
2015-09-18 | CVE-2015-5861 | Apple | Improper Access Control vulnerability in Apple Iphone OS SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. | 2.1 |
2015-09-18 | CVE-2015-5851 | Apple | Information Exposure vulnerability in Apple Iphone OS and mac OS X The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. | 2.1 |
2015-09-18 | CVE-2015-5850 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. | 2.1 |
2015-09-18 | CVE-2015-5842 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Watchos XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. | 2.1 |
2015-09-18 | CVE-2015-5832 | Apple | Information Exposure vulnerability in Apple Iphone OS The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors. | 2.1 |
2015-09-17 | CVE-2015-1319 | Canonical | Improper Input Validation vulnerability in Canonical Ubuntu Linux 14.04/15.04 The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked, as demonstrated by inserting a USB thumb drive. | 2.1 |