Weekly Vulnerabilities Reports > September 28 to October 4, 2015
Overview
110 new vulnerabilities were reported during this period, including 29 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 86 products from 49 vendors, including Google, IBM, Refbase, Cisco, and Canonical. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Numeric Errors", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".
- 98 reported vulnerabilities are remotely exploitable.
- 18 reported vulnerabilities have a public exploit available.
- 38 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 87 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 30 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 22 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
29 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-01 | CVE-2015-6575 | Google | Numeric Errors vulnerability in Google Android SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. | 10.0 |
2015-10-01 | CVE-2015-3864 | Google | Numeric Errors vulnerability in Google Android Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. | 10.0 |
2015-10-01 | CVE-2015-3836 | Google | Numeric Errors vulnerability in Google Android The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860. | 10.0 |
2015-10-01 | CVE-2015-3834 | Google | Numeric Errors vulnerability in Google Android Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug 20222489. | 10.0 |
2015-10-01 | CVE-2015-3832 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. | 10.0 |
2015-10-01 | CVE-2015-3829 | Google | Numeric Errors vulnerability in Google Android Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. | 10.0 |
2015-10-01 | CVE-2015-3828 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. | 10.0 |
2015-10-01 | CVE-2015-3824 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. | 10.0 |
2015-10-01 | CVE-2015-1539 | Google | Numeric Errors vulnerability in Google Android Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. | 10.0 |
2015-10-01 | CVE-2015-1538 | Google | Numeric Errors vulnerability in Google Android Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. | 10.0 |
2015-09-28 | CVE-2015-5957 | Opensuse Roaring Penguin | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. | 10.0 |
2015-09-28 | CVE-2015-5082 | Endian Firewall | Command Injection vulnerability in Endian Firewall Endian Firewall Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. | 10.0 |
2015-10-02 | CVE-2015-6602 | Google | Improper Input Validation vulnerability in Google Android libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | 9.3 |
2015-10-02 | CVE-2015-3876 | Google | Improper Input Validation vulnerability in Google Android libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. | 9.3 |
2015-10-01 | CVE-2015-3863 | Google | Numeric Errors vulnerability in Google Android Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399. | 9.3 |
2015-10-01 | CVE-2015-3858 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646. | 9.3 |
2015-10-01 | CVE-2015-3849 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255. | 9.3 |
2015-10-01 | CVE-2015-3843 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171. | 9.3 |
2015-10-01 | CVE-2015-3842 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516. | 9.3 |
2015-10-01 | CVE-2015-3837 | Google | Improper Input Validation vulnerability in Google Android The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603. | 9.3 |
2015-10-01 | CVE-2015-3835 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516. | 9.3 |
2015-10-01 | CVE-2015-3831 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 19400722. | 9.3 |
2015-10-01 | CVE-2015-3827 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. | 9.3 |
2015-10-01 | CVE-2015-1528 | Google | Numeric Errors vulnerability in Google Android Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482. | 9.3 |
2015-09-28 | CVE-2015-6280 | Cisco | Improper Authentication vulnerability in Cisco IOS and IOS XE The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013. | 9.3 |
2015-10-04 | CVE-2015-4930 | IBM | Command Injection vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | 9.0 |
2015-10-04 | CVE-2015-2016 | IBM | Command Execution vulnerability in IBM QRadar Security Information and Event Manager Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors. | 9.0 |
2015-10-04 | CVE-2015-2011 | IBM | Command Injection vulnerability in IBM Qradar Security Information and Event Manager The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | 9.0 |
2015-09-28 | CVE-2015-3974 | Easyio | Credentials Management vulnerability in Easyio Easyio-30P-Sf and Easyio-30P-Sf Firmware EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors. | 9.0 |
21 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-01 | CVE-2015-1536 | Google | Numeric Errors vulnerability in Google Android Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945. | 8.5 |
2015-10-02 | CVE-2015-4546 | EMC | Path Traversal vulnerability in EMC RSA Certificate Manager and RSA Onestep Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | 7.8 |
2015-09-29 | CVE-2015-7603 | Konicaminolta | Path Traversal vulnerability in Konicaminolta FTP Utility 1.0 Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command. | 7.8 |
2015-09-29 | CVE-2015-7602 | Bisonware | Path Traversal vulnerability in Bisonware Bisonftp 3.5 Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command. | 7.8 |
2015-09-29 | CVE-2015-7601 | Pcman S FTP Server Project | Path Traversal vulnerability in Pcman'S FTP Server Project Pcman'S FTP Server 2.0.7 Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. | 7.8 |
2015-09-28 | CVE-2015-6279 | Cisco | Improper Input Validation vulnerability in Cisco IOS and IOS XE The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400. | 7.8 |
2015-09-28 | CVE-2015-6278 | Cisco | Improper Input Validation vulnerability in Cisco IOS and IOS XE The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S does not properly implement the Control Plane Protection (aka CPPr) feature, which allows remote attackers to cause a denial of service (device reload) via a flood of ND packets, aka Bug ID CSCus19794. | 7.8 |
2015-10-02 | CVE-2015-5653 | Canarylabs | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Canarylabs Trendweb Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet. | 7.5 |
2015-10-02 | CVE-2015-2858 | Datalex | Authorization Bypass vulnerability in Datalex Datalex airline booking software before 2015-09-03 allows remote attackers to read or write to arbitrary user data via a modified profileId parameter to (1) ValidateFormAction.do or (2) ProfileConfirmEditAddressAction.do. | 7.5 |
2015-10-01 | CVE-2015-7236 | Rpcbind Project Canonical Debian Oracle | Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. | 7.5 |
2015-09-29 | CVE-2015-7319 | Codepeople | SQL Injection vulnerability in Codepeople Appointment Booking Calendar SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. | 7.5 |
2015-09-29 | CVE-2015-5074 | X2Engine | Improper Input Validation vulnerability in X2Engine X2Crm Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension. | 7.5 |
2015-09-28 | CVE-2015-3203 | H5Ai Project | Unspecified vulnerability in H5Ai Project H5Ai 0.24.1 Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the href parameter. | 7.5 |
2015-09-28 | CVE-2015-7387 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Eventlog Analyzer ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200. | 7.5 |
2015-09-28 | CVE-2015-7382 | Refbase | SQL Injection vulnerability in Refbase SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009. | 7.5 |
2015-09-28 | CVE-2015-7381 | Refbase | Code Injection vulnerability in Refbase Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | 7.5 |
2015-09-28 | CVE-2015-6009 | Refbase | SQL Injection vulnerability in Refbase Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382. | 7.5 |
2015-09-28 | CVE-2015-6008 | Refbase | OS Command Injection vulnerability in Refbase install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. | 7.5 |
2015-10-01 | CVE-2015-1338 | Apport Project Canonical | Link Following vulnerability in multiple products kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. | 7.2 |
2015-10-01 | CVE-2015-1335 | Linuxcontainers Canonical | Link Following vulnerability in multiple products lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | 7.2 |
2015-10-01 | CVE-2015-3860 | Google | Improper Access Control vulnerability in Google Android packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934. | 7.2 |
47 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-09-30 | CVE-2015-5950 | Nvidia Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia Display Driver and GPU Driver The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call. | 6.9 |
2015-09-28 | CVE-2014-9202 | Advantech | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess 8.0 Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions. | 6.9 |
2015-10-03 | CVE-2015-0145 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
2015-10-02 | CVE-2015-6309 | Cisco | Resource Management Errors vulnerability in Cisco products Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211. | 6.8 |
2015-10-01 | CVE-2015-7612 | Mcafee | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee vulnerability Manager 7.0.11/7.5.4/7.5.5 Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | 6.8 |
2015-10-01 | CVE-2015-3845 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application's privileges via a crafted application, aka internal bug 17312693. | 6.8 |
2015-10-01 | CVE-2015-3844 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings application, aka internal bug 21669445. | 6.8 |
2015-09-29 | CVE-2015-7337 | Ipython Jupyter | Improper Input Validation vulnerability in multiple products The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types. | 6.8 |
2015-09-29 | CVE-2015-5075 | X2Engine | Cross-Site Request Forgery (CSRF) vulnerability in X2Engine X2Crm Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create. | 6.8 |
2015-09-28 | CVE-2015-5400 | Fedoraproject Debian Squid Cache | Permissions, Privileges, and Access Controls vulnerability in multiple products Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | 6.8 |
2015-09-28 | CVE-2015-6928 | Cubecart | Improper Access Control vulnerability in Cubecart classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter. | 6.8 |
2015-09-28 | CVE-2015-6007 | Refbase | Cross-Site Request Forgery (CSRF) vulnerability in Refbase Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2015-09-28 | CVE-2015-5703 | Open Xchange OX Guard | SQL Injection vulnerability in Open-Xchange OX Guard Open-Xchange OX Guard SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-09-28 | CVE-2015-6307 | Cisco | Resource Management Errors vulnerability in Cisco Firepower 5.4.0.1 Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871. | 6.1 |
2015-10-04 | CVE-2015-2026 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1 Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.0 |
2015-09-28 | CVE-2015-6463 | Codewrights Endress Hauser | CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.8 |
2015-09-28 | CVE-2015-6012 | Refbase | Unspecified vulnerability in Refbase Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter. | 5.8 |
2015-10-04 | CVE-2015-2030 | IBM | Security Bypass vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1 IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. | 5.0 |
2015-10-04 | CVE-2015-1934 | IBM | Cryptographic Issues vulnerability in IBM products IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file. | 5.0 |
2015-10-01 | CVE-2015-3861 | Google | Numeric Errors vulnerability in Google Android Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device inoperability) via crafted Matroska data, aka internal bug 21296336. | 5.0 |
2015-10-01 | CVE-2015-3826 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828. | 5.0 |
2015-09-29 | CVE-2015-0852 | Freeimage Project | Numeric Errors vulnerability in Freeimage Project Freeimage 3.17.0 Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. | 5.0 |
2015-09-28 | CVE-2015-6806 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Screen The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value. | 5.0 |
2015-09-28 | CVE-2015-5185 | Opensuse Standards Based Linux Instrumentation | Denial of Service vulnerability in SBLIM-SFCB 'lookupProviders()' Function The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. | 5.0 |
2015-09-28 | CVE-2015-5372 | Adnovum | Improper Authentication vulnerability in Adnovum Nevisauth The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate. | 5.0 |
2015-09-28 | CVE-2015-6011 | Refbase | Unspecified vulnerability in Refbase Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php. | 5.0 |
2015-09-29 | CVE-2015-5442 | HP | Local Privilege Escalation vulnerability in HP Software Update Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. | 4.6 |
2015-10-04 | CVE-2015-2029 | IBM | Session Hijacking vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1 Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier. | 4.3 |
2015-10-04 | CVE-2015-2028 | IBM | HTTP Response Splitting vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1 CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 4.3 |
2015-10-04 | CVE-2015-2025 | IBM | Information Exposure vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1 IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 4.3 |
2015-10-03 | CVE-2015-5651 | Dotclear | Cross-site Scripting vulnerability in Dotclear Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-10-03 | CVE-2015-0195 | IBM | Cross-site Scripting vulnerability in IBM Content Template Catalog 4.0 Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-10-01 | CVE-2015-3833 | Google | Improper Access Control vulnerability in Google Android The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted application, aka internal bug 20034603. | 4.3 |
2015-10-01 | CVE-2015-1541 | Google | Improper Access Control vulnerability in Google Android The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745. | 4.3 |
2015-09-29 | CVE-2015-7604 | Splunk | Cross-site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-09-29 | CVE-2015-7320 | Codepeople | Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-09-29 | CVE-2015-5076 | X2Engine | Cross-site Scripting vulnerability in X2Engine X2Crm Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg, (5) bgc, or (6) font parameter in protected/views/site/listener.php; the (7) Services[*] parameter in protected/components/views/webForm.php; the (8) file parameter in protected/components/TranslationManager.php; the (9) x2_key parameter in protected/tests/webscripts/x2WebTrackingTestPages/customWebLeadCaptureScriptTest.php; the (10) id parameter in protected/modules/contacts/controllers/ContactsController.php; or the (11) lastEventId parameter to index.php/profile/getEvents. | 4.3 |
2015-09-28 | CVE-2015-5375 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties. | 4.3 |
2015-09-28 | CVE-2015-7383 | Refbase | Cross-site Scripting vulnerability in Refbase Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter to install.php or the (5) adminUserName parameter to update.php. | 4.3 |
2015-09-28 | CVE-2015-6010 | Refbase | Cross-site Scripting vulnerability in Refbase Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php. | 4.3 |
2015-10-03 | CVE-2015-0143 | IBM | Information Exposure vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. | 4.0 |
2015-10-03 | CVE-2015-0142 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. | 4.0 |
2015-10-03 | CVE-2015-0141 | IBM | Improper Access Control vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. | 4.0 |
2015-10-02 | CVE-2015-6308 | Cisco | Resource Management Errors vulnerability in Cisco Nx-Os 6.0(2)U6(0.46) Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684. | 4.0 |
2015-09-30 | CVE-2015-5435 | HP | Remote Denial of Service vulnerability in HP products Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. | 4.0 |
2015-09-29 | CVE-2015-0299 | Open Source Point OF Sale Project | Cross-site Scripting vulnerability in Open Source Point of Sale Project Open Source Point of Sale 2.3.1 Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.0 |
2015-09-29 | CVE-2015-5711 | Tibco | Information Exposure vulnerability in Tibco products TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request. | 4.0 |
13 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-01 | CVE-2015-7311 | XEN | Code vulnerability in XEN libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | 3.6 |
2015-09-28 | CVE-2015-6927 | Openvz | Link Following vulnerability in Openvz Vzctl vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then accessing a control panel. | 3.6 |
2015-10-04 | CVE-2015-2031 | IBM | Cross-site Scripting vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1 Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-10-04 | CVE-2015-1988 | IBM | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-10-04 | CVE-2015-1983 | IBM | Cross-site Scripting vulnerability in IBM Urbancode Build 6.1.0.0/6.1.0.1/6.1.0.2 Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-10-04 | CVE-2015-1969 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Common Reporting Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-10-03 | CVE-2015-4955 | IBM | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-10-03 | CVE-2015-1888 | IBM | Cross-site Scripting vulnerability in IBM Content Navigator 2.0.2/2.0.3 Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-10-03 | CVE-2015-0144 | IBM | Cross-site Scripting vulnerability in IBM Openpages GRC Platform Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916. | 3.5 |
2015-10-03 | CVE-2014-8916 | IBM | Cross-site Scripting vulnerability in IBM Openpages GRC Platform Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144. | 3.5 |
2015-09-28 | CVE-2015-7386 | Ghozylab | Cross-site Scripting vulnerability in Ghozylab Gallery - Photo Albums - Portfolio 1.3.47 Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields. | 3.5 |
2015-10-04 | CVE-2015-2027 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Extreme Scale 7.1.0/7.1.0.2/7.1.1 IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | 2.1 |
2015-10-04 | CVE-2015-1933 | IBM | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 2.1 |