Weekly Vulnerabilities Reports > October 5 to 11, 2015
Overview
122 new vulnerabilities reported during this period, including 31 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary report vulnerabilities in 72 products from 38 vendors including Apple, Google, IBM, Redhat, and ICZ. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Information Exposure", "Improper Input Validation", and "Cross-site Scripting".
- 91 reported vulnerabilities are remotely exploitables.
- 10 reported vulnerabilities have public exploit available.
- 16 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 100 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 42 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 23 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
31 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-09 | CVE-2015-5922 | Apple ICU Project | Memory Corruption vulnerability in ICU Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. | 10.0 |
2015-10-09 | CVE-2015-5887 | Apple | Code vulnerability in Apple mac OS X The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. | 10.0 |
2015-10-09 | CVE-2015-5780 | Apple | Improper Input Validation vulnerability in Apple Safari The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors. | 10.0 |
2015-10-06 | CVE-2015-7716 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873. | 10.0 | |
2015-10-06 | CVE-2015-6604 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. | 10.0 | |
2015-10-06 | CVE-2015-6603 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. | 10.0 | |
2015-10-06 | CVE-2015-6601 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. | 10.0 | |
2015-10-06 | CVE-2015-6600 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. | 10.0 | |
2015-10-06 | CVE-2015-6599 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. | 10.0 | |
2015-10-06 | CVE-2015-6598 | Improper Input Validation vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. | 10.0 | |
2015-10-06 | CVE-2015-3877 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. | 10.0 | |
2015-10-06 | CVE-2015-3875 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. | 10.0 | |
2015-10-06 | CVE-2015-3874 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. | 10.0 | |
2015-10-06 | CVE-2015-3873 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716. | 10.0 | |
2015-10-06 | CVE-2015-3872 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. | 10.0 | |
2015-10-06 | CVE-2015-3871 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. | 10.0 | |
2015-10-06 | CVE-2015-3870 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. | 10.0 | |
2015-10-06 | CVE-2015-3869 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. | 10.0 | |
2015-10-06 | CVE-2015-3868 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. | 10.0 | |
2015-10-06 | CVE-2015-3867 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. | 10.0 | |
2015-10-06 | CVE-2015-3823 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. | 10.0 | |
2015-10-05 | CVE-2015-7709 | Arkeia | Permissions, Privileges, and Access Controls vulnerability in Arkeia Western Digital Arkeia The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation. | 10.0 |
2015-10-09 | CVE-2015-5866 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 9.3 |
2015-10-06 | CVE-2015-7717 | Permissions, Privileges, and Access Controls vulnerability in Google Android mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596. | 9.3 | |
2015-10-06 | CVE-2015-6606 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786. | 9.3 | |
2015-10-06 | CVE-2015-6596 | Permissions, Privileges, and Access Controls vulnerability in Google Android mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. | 9.3 | |
2015-10-06 | CVE-2015-3879 | Permissions, Privileges, and Access Controls vulnerability in Google Android Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325. | 9.3 | |
2015-10-06 | CVE-2015-3865 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. | 9.3 | |
2015-10-09 | CVE-2015-7766 | Zohocorp | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/11.6 PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | 9.0 |
2015-10-09 | CVE-2015-7765 | Zohocorp | Hardcoded Password Information Disclosure vulnerability in Zohocorp Manageengine Opmanager 11.5 ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password. | 9.0 |
2015-10-05 | CVE-2015-7684 | Glpi Project | Unspecified vulnerability in Glpi-Project Glpi Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/. | 9.0 |
22 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-06 | CVE-2015-7686 | Email Address Project | Improper Input Validation vulnerability in Email-Address Project Email-Address Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. | 7.8 |
2015-10-06 | CVE-2015-3938 | Mitsubishi Electric | Resource Management Errors vulnerability in Mitsubishi Electric Melsec Fx3G The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. | 7.8 |
2015-10-09 | CVE-2015-7768 | Konicaminolta | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Konicaminolta FTP Utility 1.0 Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command. | 7.5 |
2015-10-09 | CVE-2015-7767 | Konicaminolta | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Konicaminolta FTP Utility 1.0 Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command. | 7.5 |
2015-10-05 | CVE-2015-7392 | Freeswitch | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeswitch 1.2/1.6.0 Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse. | 7.5 |
2015-10-05 | CVE-2015-5687 | Anchorcms | Code Injection vulnerability in Anchorcms Anchor CMS 0.9.1/0.9.2/0.9.3 system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. | 7.5 |
2015-10-09 | CVE-2015-5919 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Watch OS GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5918. | 7.2 |
2015-10-09 | CVE-2015-5918 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Watch OS GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919. | 7.2 |
2015-10-09 | CVE-2015-5891 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 7.2 |
2015-10-09 | CVE-2015-5890 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. | 7.2 |
2015-10-09 | CVE-2015-5889 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. | 7.2 |
2015-10-09 | CVE-2015-5888 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. | 7.2 |
2015-10-09 | CVE-2015-5877 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830. | 7.2 |
2015-10-09 | CVE-2015-5873 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890. | 7.2 |
2015-10-09 | CVE-2015-5872 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890. | 7.2 |
2015-10-09 | CVE-2015-5871 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890. | 7.2 |
2015-10-09 | CVE-2015-5833 | Apple | 7PK - Security Features vulnerability in Apple mac OS X The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. | 7.2 |
2015-10-09 | CVE-2015-5830 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877. | 7.2 |
2015-10-06 | CVE-2015-7600 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco VPN Client Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. | 7.2 |
2015-10-06 | CVE-2015-5652 | Python Microsoft | Remote Code Execution vulnerability in Python DLL Loading 'readline.pyd' Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. | 7.2 |
2015-10-09 | CVE-2015-5900 | Apple | 7PK - Security Features vulnerability in Apple mac OS X The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. | 7.1 |
2015-10-08 | CVE-2015-5649 | Cybozu | Improper Authentication vulnerability in Cybozu Garoon Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges. | 7.0 |
51 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-09 | CVE-2015-5234 | Redhat Opensuse Fedoraproject | Improper Input Validation vulnerability in multiple products IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks. | 6.8 |
2015-10-09 | CVE-2015-1337 | Simpestreams Project Canonical | Improper Input Validation vulnerability in multiple products Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response. | 6.8 |
2015-10-09 | CVE-2015-5913 | Apple | Improper Access Control vulnerability in Apple mac OS X Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | 6.8 |
2015-10-09 | CVE-2015-5849 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. | 6.8 |
2015-10-06 | CVE-2015-6607 | Sqlite | Permissions, Privileges, and Access Controls vulnerability in Sqlite SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. | 6.8 |
2015-10-06 | CVE-2015-5644 | ICZ | Code Injection vulnerability in ICZ Matchasns The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 6.8 |
2015-10-06 | CVE-2015-5643 | ICZ | Code Injection vulnerability in ICZ Matchasns The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 6.8 |
2015-10-06 | CVE-2014-9751 | NTP Redhat Debian Oracle | Improper Input Validation vulnerability in multiple products The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. | 6.8 |
2015-10-11 | CVE-2015-5659 | Network Applied Communication Laboratory | SQL Injection vulnerability in Network Applied Communication Laboratory Shimane Prefecture CMS 2.0.0 SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-11 | CVE-2015-5648 | Loenshotel | SQL Injection vulnerability in Loenshotel PHPrechnung SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-06 | CVE-2015-5645 | ICZ | Permissions, Privileges, and Access Controls vulnerability in ICZ Matchasns ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. | 6.5 |
2015-10-06 | CVE-2015-5642 | ICZ | SQL Injection vulnerability in ICZ Matchasns Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-06 | CVE-2015-5641 | Basercms | SQL Injection vulnerability in Basercms SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-06 | CVE-2015-5640 | Basercms | Permissions, Privileges, and Access Controls vulnerability in Basercms baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. | 6.5 |
2015-10-06 | CVE-2015-4967 | IBM | SQL Injection vulnerability in IBM products SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-05 | CVE-2015-7707 | Igniterealtime | Permissions, Privileges, and Access Controls vulnerability in Igniterealtime Openfire 3.10.2 Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. | 6.5 |
2015-10-06 | CVE-2015-3847 | Permissions, Privileges, and Access Controls vulnerability in Google Android Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | 6.4 | |
2015-10-08 | CVE-2015-6311 | Cisco | Resource Management Errors vulnerability in Cisco Wireless LAN Controller 7.0(240.0)/7.3(101.0)/7.4(1.19) Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236. | 6.1 |
2015-10-06 | CVE-2015-4964 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process. | 6.0 |
2015-10-06 | CVE-2014-9750 | NTP Redhat Debian Oracle | Improper Input Validation vulnerability in NTP ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. | 5.8 |
2015-10-09 | CVE-2015-7761 | Apple | Information Exposure vulnerability in Apple mac OS X Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. | 5.0 |
2015-10-09 | CVE-2015-7760 | Apple | Resource Management Errors vulnerability in Apple mac OS X libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761. | 5.0 |
2015-10-09 | CVE-2015-5917 | Netbsd Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd Tnftpd The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. | 5.0 |
2015-10-09 | CVE-2015-5915 | Apple | Code vulnerability in Apple mac OS X Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | 5.0 |
2015-10-09 | CVE-2015-5883 | Apple | Improper Input Validation vulnerability in Apple mac OS X The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. | 5.0 |
2015-10-08 | CVE-2015-6310 | Cisco | Resource Management Errors vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5(1) The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632. | 5.0 |
2015-10-06 | CVE-2015-7718 | Unspecified vulnerability in Google Android mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605. | 5.0 | |
2015-10-06 | CVE-2015-6605 | Unspecified vulnerability in Google Android mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718. | 5.0 | |
2015-10-06 | CVE-2015-3862 | Unspecified vulnerability in Google Android mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. | 5.0 | |
2015-10-06 | CVE-2015-5650 | Ajaxplorer | Path Traversal vulnerability in Ajaxplorer 2.0 Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2015-10-06 | CVE-2015-0987 | Omron | Information Exposure vulnerability in Omron Cj2H Plc, Cj2M PLC and Cx-Programmer Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. | 5.0 |
2015-10-05 | CVE-2015-7322 | Juniper | Information Exposure vulnerability in Juniper Pulse Connect Secure The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests. | 5.0 |
2015-10-09 | CVE-2015-5902 | Apple | Multiple Security vulnerability in Apple Mac OS X Prior to 10.11 The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | 4.9 |
2015-10-09 | CVE-2015-5914 | Apple | Code vulnerability in Apple mac OS X The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. | 4.7 |
2015-10-09 | CVE-2015-5897 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | 4.6 |
2015-10-11 | CVE-2015-5654 | Dojotoolkit | Cross-site Scripting vulnerability in Dojotoolkit Dojo Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-10-09 | CVE-2015-5235 | Fedoraproject Redhat Opensuse | Improper Input Validation vulnerability in multiple products IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. | 4.3 |
2015-10-09 | CVE-2015-5894 | Apple | Code vulnerability in Apple mac OS X The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | 4.3 |
2015-10-09 | CVE-2015-5865 | Apple | Information Exposure vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 4.3 |
2015-10-09 | CVE-2015-5836 | Apple | Information Exposure vulnerability in Apple mac OS X Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | 4.3 |
2015-10-09 | CVE-2015-5828 | Opensuse Apple | Improper Input Validation vulnerability in multiple products The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. | 4.3 |
2015-10-06 | CVE-2015-3878 | Permissions, Privileges, and Access Controls vulnerability in Google Android 5.0/5.1 Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal bug 23345192. | 4.3 | |
2015-10-06 | CVE-2015-7314 | Gollum Project | Information Exposure vulnerability in Gollum Project Gollum 4.0 The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. | 4.3 |
2015-10-06 | CVE-2015-5022 | IBM | Information Exposure vulnerability in IBM B2B Advanced Communications 1.0.0.1/1.0.0.2/1.0.0.3 IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields. | 4.3 |
2015-10-06 | CVE-2015-4973 | IBM | Cross-site Scripting vulnerability in IBM B2B Advanced Communications 1.0.0.1/1.0.0.2/1.0.0.3 Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-10-06 | CVE-2015-4939 | IBM | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-10-05 | CVE-2015-7708 | 4Homepages | Cross-site Scripting vulnerability in 4Homepages 4Images Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php. | 4.3 |
2015-10-11 | CVE-2015-4929 | IBM | Information Exposure vulnerability in IBM License Metric Tool IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. | 4.0 |
2015-10-06 | CVE-2015-5024 | IBM | Information Exposure vulnerability in IBM Emptoris Sourcing IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors. | 4.0 |
2015-10-06 | CVE-2015-4965 | IBM | Information Exposure vulnerability in IBM products maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file. | 4.0 |
2015-10-05 | CVE-2015-7685 | Glpi Project | Permissions, Privileges, and Access Controls vulnerability in Glpi-Project Glpi GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | 4.0 |
18 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-06 | CVE-2015-6549 | Symantec | Cross-site Scripting vulnerability in Symantec Netbackup Opscenter Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2015-10-06 | CVE-2015-4992 | IBM | Improper Input Validation vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | 3.5 |
2015-10-06 | CVE-2015-4971 | IBM | Cross-site Scripting vulnerability in IBM Emptoris and Emptoris Program Management Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-10-06 | CVE-2015-4944 | IBM | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2015-10-05 | CVE-2015-7323 | Juniper | Permissions, Privileges, and Access Controls vulnerability in Juniper Pulse Connect Secure The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. | 3.5 |
2015-10-09 | CVE-2015-5884 | Apple | Information Exposure vulnerability in Apple mac OS X The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. | 3.3 |
2015-10-09 | CVE-2015-5853 | Apple | Information Exposure vulnerability in Apple mac OS X AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. | 3.3 |
2015-10-09 | CVE-2015-5923 | Apple | Information Exposure vulnerability in Apple Iphone OS Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. | 2.1 |
2015-10-09 | CVE-2015-5901 | Apple | Information Exposure vulnerability in Apple mac OS X The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | 2.1 |
2015-10-09 | CVE-2015-5893 | Apple | Information Exposure vulnerability in Apple mac OS X SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | 2.1 |
2015-10-09 | CVE-2015-5878 | Apple | Information Exposure vulnerability in Apple mac OS X Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | 2.1 |
2015-10-09 | CVE-2015-5875 | Apple | Cross-site Scripting vulnerability in Apple mac OS X Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. | 2.1 |
2015-10-09 | CVE-2015-5870 | Apple | Information Exposure vulnerability in Apple mac OS X The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | 2.1 |
2015-10-09 | CVE-2015-5864 | Apple | Information Exposure vulnerability in Apple mac OS X IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | 2.1 |
2015-10-09 | CVE-2015-5854 | Apple | Information Exposure vulnerability in Apple mac OS X The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. | 2.1 |
2015-10-06 | CVE-2015-1015 | Omron | Information Exposure vulnerability in Omron Cj2H Plc, Cj2M PLC and Cx-Programmer Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. | 2.1 |
2015-10-06 | CVE-2015-0988 | Omron | Information Exposure vulnerability in Omron Cx-Programmer Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. | 2.1 |
2015-10-09 | CVE-2015-3785 | Apple | Multiple Security vulnerability in Apple Mac OS X Prior to 10.11 The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. | 1.9 |