Weekly Vulnerabilities Reports > October 5 to 11, 2015

Overview

122 new vulnerabilities reported during this period, including 31 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary report vulnerabilities in 72 products from 38 vendors including Apple, Google, IBM, Redhat, and ICZ. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Information Exposure", "Improper Input Validation", and "Cross-site Scripting".

  • 91 reported vulnerabilities are remotely exploitables.
  • 10 reported vulnerabilities have public exploit available.
  • 16 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 100 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 42 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 23 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

31 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-09 CVE-2015-5922 Apple
ICU Project
Memory Corruption vulnerability in ICU

Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.

10.0
2015-10-09 CVE-2015-5887 Apple Code vulnerability in Apple mac OS X

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.

10.0
2015-10-09 CVE-2015-5780 Apple Improper Input Validation vulnerability in Apple Safari

The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

10.0
2015-10-06 CVE-2015-7716 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.

10.0
2015-10-06 CVE-2015-6604 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.

10.0
2015-10-06 CVE-2015-6603 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.

10.0
2015-10-06 CVE-2015-6601 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.

10.0
2015-10-06 CVE-2015-6600 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.

10.0
2015-10-06 CVE-2015-6599 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.

10.0
2015-10-06 CVE-2015-6598 Google Improper Input Validation vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.

10.0
2015-10-06 CVE-2015-3877 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.

10.0
2015-10-06 CVE-2015-3875 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.

10.0
2015-10-06 CVE-2015-3874 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.

10.0
2015-10-06 CVE-2015-3873 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716.

10.0
2015-10-06 CVE-2015-3872 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.

10.0
2015-10-06 CVE-2015-3871 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033.

10.0
2015-10-06 CVE-2015-3870 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.

10.0
2015-10-06 CVE-2015-3869 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.

10.0
2015-10-06 CVE-2015-3868 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.

10.0
2015-10-06 CVE-2015-3867 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.

10.0
2015-10-06 CVE-2015-3823 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.

10.0
2015-10-05 CVE-2015-7709 Arkeia Permissions, Privileges, and Access Controls vulnerability in Arkeia Western Digital Arkeia

The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.

10.0
2015-10-09 CVE-2015-5866 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2015-10-06 CVE-2015-7717 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.

9.3
2015-10-06 CVE-2015-6606 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786.

9.3
2015-10-06 CVE-2015-6596 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.

9.3
2015-10-06 CVE-2015-3879 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.

9.3
2015-10-06 CVE-2015-3865 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.

9.3
2015-10-09 CVE-2015-7766 Zohocorp Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/11.6

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."

9.0
2015-10-09 CVE-2015-7765 Zohocorp Hardcoded Password Information Disclosure vulnerability in Zohocorp Manageengine Opmanager 11.5

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.

9.0
2015-10-05 CVE-2015-7684 Glpi Project Unspecified vulnerability in Glpi-Project Glpi

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/.

9.0

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-06 CVE-2015-7686 Email Address Project Improper Input Validation vulnerability in Email-Address Project Email-Address

Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments.

7.8
2015-10-06 CVE-2015-3938 Mitsubishi Electric Resource Management Errors vulnerability in Mitsubishi Electric Melsec Fx3G

The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter.

7.8
2015-10-09 CVE-2015-7768 Konicaminolta Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Konicaminolta FTP Utility 1.0

Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.

7.5
2015-10-09 CVE-2015-7767 Konicaminolta Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Konicaminolta FTP Utility 1.0

Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command.

7.5
2015-10-05 CVE-2015-7392 Freeswitch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeswitch 1.2/1.6.0

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.

7.5
2015-10-05 CVE-2015-5687 Anchorcms Code Injection vulnerability in Anchorcms Anchor CMS 0.9.1/0.9.2/0.9.3

system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.

7.5
2015-10-09 CVE-2015-5919 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Watch OS

GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5918.

7.2
2015-10-09 CVE-2015-5918 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Watch OS

GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919.

7.2
2015-10-09 CVE-2015-5891 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2
2015-10-09 CVE-2015-5890 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.

7.2
2015-10-09 CVE-2015-5889 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.

7.2
2015-10-09 CVE-2015-5888 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.

7.2
2015-10-09 CVE-2015-5877 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.

7.2
2015-10-09 CVE-2015-5873 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.

7.2
2015-10-09 CVE-2015-5872 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.

7.2
2015-10-09 CVE-2015-5871 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.

7.2
2015-10-09 CVE-2015-5833 Apple 7PK - Security Features vulnerability in Apple mac OS X

The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.

7.2
2015-10-09 CVE-2015-5830 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.

7.2
2015-10-06 CVE-2015-7600 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco VPN Client

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.

7.2
2015-10-06 CVE-2015-5652 Python
Microsoft
Remote Code Execution vulnerability in Python DLL Loading 'readline.pyd'

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory.

7.2
2015-10-09 CVE-2015-5900 Apple 7PK - Security Features vulnerability in Apple mac OS X

The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.

7.1
2015-10-08 CVE-2015-5649 Cybozu Improper Authentication vulnerability in Cybozu Garoon

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.

7.0

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-09 CVE-2015-5234 Redhat
Opensuse
Fedoraproject
Improper Input Validation vulnerability in multiple products

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

6.8
2015-10-09 CVE-2015-1337 Simpestreams Project
Canonical
Improper Input Validation vulnerability in multiple products

Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

6.8
2015-10-09 CVE-2015-5913 Apple Improper Access Control vulnerability in Apple mac OS X

Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.

6.8
2015-10-09 CVE-2015-5849 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.

6.8
2015-10-06 CVE-2015-6607 Sqlite
Google
Permissions, Privileges, and Access Controls vulnerability in Sqlite

SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.

6.8
2015-10-06 CVE-2015-5644 ICZ Code Injection vulnerability in ICZ Matchasns

The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.

6.8
2015-10-06 CVE-2015-5643 ICZ Code Injection vulnerability in ICZ Matchasns

The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.

6.8
2015-10-06 CVE-2014-9751 NTP
Redhat
Debian
Oracle
Improper Input Validation vulnerability in multiple products

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

6.8
2015-10-11 CVE-2015-5659 Network Applied Communication Laboratory SQL Injection vulnerability in Network Applied Communication Laboratory Shimane Prefecture CMS 2.0.0

SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2015-10-11 CVE-2015-5648 Loenshotel SQL Injection vulnerability in Loenshotel PHPrechnung

SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2015-10-06 CVE-2015-5645 ICZ Permissions, Privileges, and Access Controls vulnerability in ICZ Matchasns

ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors.

6.5
2015-10-06 CVE-2015-5642 ICZ SQL Injection vulnerability in ICZ Matchasns

Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2015-10-06 CVE-2015-5641 Basercms SQL Injection vulnerability in Basercms

SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2015-10-06 CVE-2015-5640 Basercms Permissions, Privileges, and Access Controls vulnerability in Basercms

baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.

6.5
2015-10-06 CVE-2015-4967 IBM SQL Injection vulnerability in IBM products

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2015-10-05 CVE-2015-7707 Igniterealtime Permissions, Privileges, and Access Controls vulnerability in Igniterealtime Openfire 3.10.2

Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.

6.5
2015-10-06 CVE-2015-3847 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.

6.4
2015-10-08 CVE-2015-6311 Cisco Resource Management Errors vulnerability in Cisco Wireless LAN Controller 7.0(240.0)/7.3(101.0)/7.4(1.19)

Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236.

6.1
2015-10-06 CVE-2015-4964 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.

6.0
2015-10-06 CVE-2014-9750 NTP
Redhat
Debian
Oracle
Improper Input Validation vulnerability in NTP

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

5.8
2015-10-09 CVE-2015-7761 Apple Information Exposure vulnerability in Apple mac OS X

Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.

5.0
2015-10-09 CVE-2015-7760 Apple Resource Management Errors vulnerability in Apple mac OS X

libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761.

5.0
2015-10-09 CVE-2015-5917 Netbsd
Apple
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd Tnftpd

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.

5.0
2015-10-09 CVE-2015-5915 Apple Code vulnerability in Apple mac OS X

Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.

5.0
2015-10-09 CVE-2015-5883 Apple Improper Input Validation vulnerability in Apple mac OS X

The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence.

5.0
2015-10-08 CVE-2015-6310 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5(1)

The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632.

5.0
2015-10-06 CVE-2015-7718 Google Unspecified vulnerability in Google Android

mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.

5.0
2015-10-06 CVE-2015-6605 Google Unspecified vulnerability in Google Android

mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.

5.0
2015-10-06 CVE-2015-3862 Google Unspecified vulnerability in Google Android

mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.

5.0
2015-10-06 CVE-2015-5650 Ajaxplorer Path Traversal vulnerability in Ajaxplorer 2.0

Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2015-10-06 CVE-2015-0987 Omron Information Exposure vulnerability in Omron Cj2H Plc, Cj2M PLC and Cx-Programmer

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

5.0
2015-10-05 CVE-2015-7322 Juniper Information Exposure vulnerability in Juniper Pulse Connect Secure

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests.

5.0
2015-10-09 CVE-2015-5902 Apple Multiple Security vulnerability in Apple Mac OS X Prior to 10.11

The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.

4.9
2015-10-09 CVE-2015-5914 Apple Code vulnerability in Apple mac OS X

The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue.

4.7
2015-10-09 CVE-2015-5897 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.

4.6
2015-10-11 CVE-2015-5654 Dojotoolkit Cross-site Scripting vulnerability in Dojotoolkit Dojo

Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-10-09 CVE-2015-5235 Fedoraproject
Redhat
Opensuse
Improper Input Validation vulnerability in multiple products

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

4.3
2015-10-09 CVE-2015-5894 Apple Code vulnerability in Apple mac OS X

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.

4.3
2015-10-09 CVE-2015-5865 Apple Information Exposure vulnerability in Apple mac OS X

IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

4.3
2015-10-09 CVE-2015-5836 Apple Information Exposure vulnerability in Apple mac OS X

Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.

4.3
2015-10-09 CVE-2015-5828 Opensuse
Apple
Improper Input Validation vulnerability in multiple products

The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.

4.3
2015-10-06 CVE-2015-3878 Google Permissions, Privileges, and Access Controls vulnerability in Google Android 5.0/5.1

Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal bug 23345192.

4.3
2015-10-06 CVE-2015-7314 Gollum Project Information Exposure vulnerability in Gollum Project Gollum 4.0

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.

4.3
2015-10-06 CVE-2015-5022 IBM Information Exposure vulnerability in IBM B2B Advanced Communications 1.0.0.1/1.0.0.2/1.0.0.3

IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.

4.3
2015-10-06 CVE-2015-4973 IBM Cross-site Scripting vulnerability in IBM B2B Advanced Communications 1.0.0.1/1.0.0.2/1.0.0.3

Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-10-06 CVE-2015-4939 IBM Cross-site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-10-05 CVE-2015-7708 4Homepages Cross-site Scripting vulnerability in 4Homepages 4Images

Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php.

4.3
2015-10-11 CVE-2015-4929 IBM Information Exposure vulnerability in IBM License Metric Tool

IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request.

4.0
2015-10-06 CVE-2015-5024 IBM Information Exposure vulnerability in IBM Emptoris Sourcing

IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors.

4.0
2015-10-06 CVE-2015-4965 IBM Information Exposure vulnerability in IBM products

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.

4.0
2015-10-05 CVE-2015-7685 Glpi Project Permissions, Privileges, and Access Controls vulnerability in Glpi-Project Glpi

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.

4.0

18 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-06 CVE-2015-6549 Symantec Cross-site Scripting vulnerability in Symantec Netbackup Opscenter

Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2015-10-06 CVE-2015-4992 IBM Improper Input Validation vulnerability in IBM Sterling B2B Integrator 5.2

IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.

3.5
2015-10-06 CVE-2015-4971 IBM Cross-site Scripting vulnerability in IBM Emptoris and Emptoris Program Management

Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2015-10-06 CVE-2015-4944 IBM Cross-site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2015-10-05 CVE-2015-7323 Juniper Permissions, Privileges, and Access Controls vulnerability in Juniper Pulse Connect Secure

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.

3.5
2015-10-09 CVE-2015-5884 Apple Information Exposure vulnerability in Apple mac OS X

The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.

3.3
2015-10-09 CVE-2015-5853 Apple Information Exposure vulnerability in Apple mac OS X

AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.

3.3
2015-10-09 CVE-2015-5923 Apple Information Exposure vulnerability in Apple Iphone OS

Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

2.1
2015-10-09 CVE-2015-5901 Apple Information Exposure vulnerability in Apple mac OS X

The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.

2.1
2015-10-09 CVE-2015-5893 Apple Information Exposure vulnerability in Apple mac OS X

SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

2.1
2015-10-09 CVE-2015-5878 Apple Information Exposure vulnerability in Apple mac OS X

Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.

2.1
2015-10-09 CVE-2015-5875 Apple Cross-site Scripting vulnerability in Apple mac OS X

Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.

2.1
2015-10-09 CVE-2015-5870 Apple Information Exposure vulnerability in Apple mac OS X

The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.

2.1
2015-10-09 CVE-2015-5864 Apple Information Exposure vulnerability in Apple mac OS X

IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

2.1
2015-10-09 CVE-2015-5854 Apple Information Exposure vulnerability in Apple mac OS X

The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.

2.1
2015-10-06 CVE-2015-1015 Omron Information Exposure vulnerability in Omron Cj2H Plc, Cj2M PLC and Cx-Programmer

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file.

2.1
2015-10-06 CVE-2015-0988 Omron Information Exposure vulnerability in Omron Cx-Programmer

Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file.

2.1
2015-10-09 CVE-2015-3785 Apple Multiple Security vulnerability in Apple Mac OS X Prior to 10.11

The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

1.9