Weekly Vulnerabilities Reports > October 19 to 25, 2015

Overview

226 new vulnerabilities reported during this period, including 27 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary report vulnerabilities in 66 products from 21 vendors including Oracle, Apple, Redhat, Canonical, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Code", and "Resource Management Errors".

  • 188 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 168 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 124 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 16 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

27 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-25 CVE-2015-1001 Ininet Solutions Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ininet Solutions Scada web Server

Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request.

10.0
2015-10-23 CVE-2015-6988 Apple Multiple Security vulnerability in Apple Iphone OS and mac OS X

The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.

10.0
2015-10-22 CVE-2015-4915 Oracle Remote Security vulnerability in Oracle and SUN Systems Product Suite 3.0/3.1/3.2

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Management.

10.0
2015-10-21 CVE-2015-4883 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.

10.0
2015-10-21 CVE-2015-4881 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.

10.0
2015-10-21 CVE-2015-4863 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2015-10-21 CVE-2015-4860 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.

10.0
2015-10-21 CVE-2015-4844 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10.0
2015-10-21 CVE-2015-4843 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

10.0
2015-10-21 CVE-2015-4839 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4798.

10.0
2015-10-21 CVE-2015-4835 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.

10.0
2015-10-21 CVE-2015-4805 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.

10.0
2015-10-21 CVE-2015-4798 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4839.

10.0
2015-10-21 CVE-2015-2608 Oracle Remote Security vulnerability in Multiple Oracle Communications Products

Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and 7.1.0 and earlier; (2) the Oracle Communications Performance Intelligence Center Software component in Oracle Communications Applications 9.0.3 and earlier and 10.1.5 and earlier; (3) the Oracle Communications Policy Management component in Oracle Communications Applications 9.9.0 and earlier, 10.5.0 and earlier, 11.5.0 and earlier, and 12.1.0 and earlier; and (4) the Oracle Communications Tekelec HLR Router component in Oracle Communications Applications 4.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to PMAC.

10.0
2015-10-21 CVE-2015-4716 Owncloud
Microsoft
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.

10.0
2015-10-19 CVE-2015-7861 Accelerite Permissions, Privileges, and Access Controls vulnerability in Accelerite Radia Client Automation

Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling.

10.0
2015-10-19 CVE-2015-7860 Accelerite Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Accelerite Radia Client Automation

Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling.

10.0
2015-10-23 CVE-2015-6974 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2015-10-23 CVE-2015-6986 Apple Multiple Security vulnerability in Apple iOS APPLE-SA-2015-10-21-1

com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion." <a href="http://cwe.mitre.org/data/definitions/843.html">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>

9.3
2015-10-23 CVE-2015-6979 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos

GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2015-10-22 CVE-2015-4901 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

9.3
2015-10-21 CVE-2015-4821 Oracle Remote Security vulnerability in Oracle and SUN Systems Product Suite 3.0/3.1/3.2

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web.

9.3
2015-10-25 CVE-2015-6335 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software 5.3.1.7/5.4.0.4/6.0.0

The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.

9.0
2015-10-21 CVE-2015-4796 Oracle
Microsoft
Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4888.

9.0
2015-10-21 CVE-2015-4794 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

9.0
2015-10-21 CVE-2015-7698 Owncloud OS Command Injection vulnerability in Owncloud and SMB

icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.

9.0
2015-10-21 CVE-2015-4718 Owncloud OS Command Injection vulnerability in Owncloud

The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.

9.0

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-23 CVE-2015-6984 Apple Improper Access Control vulnerability in Apple mac OS X

libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.

8.8
2015-10-23 CVE-2015-6983 Apple Multiple Security vulnerability in Apple Iphone OS and mac OS X

Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.

8.8
2015-10-21 CVE-2015-4717 Owncloud Resource Management Errors vulnerability in Owncloud

The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names.

7.8
2015-10-19 CVE-2015-7752 Juniper Resource Management Errors vulnerability in Juniper Junos

The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D20 allows remote attackers to cause a denial of service (CPU consumption) via unspecified SSH traffic.

7.8
2015-10-19 CVE-2015-7749 Juniper Improper Input Validation vulnerability in Juniper Junos

The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."

7.8
2015-10-23 CVE-2015-7016 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.

7.6
2015-10-21 CVE-2015-4868 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

7.6
2015-10-23 CVE-2015-7007 Apple Unspecified vulnerability in Apple mac OS X

Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.

7.5
2015-10-23 CVE-2015-7035 Apple Code vulnerability in Apple mac OS X

Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.

7.5
2015-10-23 CVE-2015-7030 Apple Code vulnerability in Apple Xcode

The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.

7.5
2015-10-23 CVE-2015-7017 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.

7.5
2015-10-23 CVE-2015-6992 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.

7.5
2015-10-23 CVE-2015-6975 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.

7.5
2015-10-21 CVE-2015-4795 Oracle Remote Security vulnerability in Oracle Industry Applications 1.9.1.1.2

Unspecified vulnerability in the Oracle Utilities Work and Asset Management component in Oracle Industry Applications 1.9.1.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Add-On Applications.

7.5
2015-10-21 CVE-2015-7299 Nintex SQL Injection vulnerability in Nintex K2 Blackpearl, K2 for Sharepoint and K2 Smartforms

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.

7.5
2015-10-21 CVE-2015-7876 Drupal 7 Driver FOR SQL Server AND SQL Azure Project SQL Injection vulnerability in Drupal 7 Driver FOR SQL Server and SQL Azure Project Drupal 7 Driver FOR SQL Server and SQL Azure

The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function.

7.5
2015-10-23 CVE-2015-7021 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.

7.2
2015-10-23 CVE-2015-5945 Apple Improper Input Validation vulnerability in Apple mac OS X

The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.

7.2
2015-10-23 CVE-2015-5932 Apple Unspecified vulnerability in Apple mac OS X

The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.

7.2
2015-10-21 CVE-2015-4873 Oracle Local Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the Database Scheduler component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

7.2
2015-10-21 CVE-2015-4819 Oracle
Redhat
Mariadb
Debian
Fedoraproject
Canonical
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
7.2
2015-10-23 CVE-2015-6994 Apple Resource Management Errors vulnerability in Apple Iphone OS and mac OS X

The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.

7.1
2015-10-23 CVE-2015-7004 Apple Improper Input Validation vulnerability in Apple Iphone OS

The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.

7.1

142 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-21 CVE-2015-4810 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

6.9
2015-10-19 CVE-2015-7751 Juniper Permissions, Privileges, and Access Controls vulnerability in Juniper Junos

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file.

6.9
2015-10-23 CVE-2015-7018 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010.

6.8
2015-10-23 CVE-2015-7015 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.

6.8
2015-10-23 CVE-2015-7014 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

6.8
2015-10-23 CVE-2015-7013 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X

WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.

6.8
2015-10-23 CVE-2015-7012 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

6.8
2015-10-23 CVE-2015-7011 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Safari

WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.

6.8
2015-10-23 CVE-2015-7010 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7018.

6.8
2015-10-23 CVE-2015-7009 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7010, and CVE-2015-7018.

6.8
2015-10-23 CVE-2015-7008 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

6.8
2015-10-23 CVE-2015-7006 Apple Path Traversal vulnerability in Apple Iphone OS, mac OS X and Watchos

Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.

6.8
2015-10-23 CVE-2015-7003 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app.

6.8
2015-10-23 CVE-2015-7002 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

6.8
2015-10-23 CVE-2015-6996 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

6.8
2015-10-23 CVE-2015-6995 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

6.8
2015-10-23 CVE-2015-6993 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

6.8
2015-10-23 CVE-2015-6991 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

6.8
2015-10-23 CVE-2015-6990 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

6.8
2015-10-23 CVE-2015-6989 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls.

6.8
2015-10-23 CVE-2015-6985 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page.

6.8
2015-10-23 CVE-2015-6978 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

6.8
2015-10-23 CVE-2015-6977 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

6.8
2015-10-23 CVE-2015-6976 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

6.8
2015-10-23 CVE-2015-5944 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

6.8
2015-10-23 CVE-2015-5942 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.

6.8
2015-10-23 CVE-2015-5940 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8
2015-10-23 CVE-2015-5939 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937.

6.8
2015-10-23 CVE-2015-5938 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image.

6.8
2015-10-23 CVE-2015-5937 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939.

6.8
2015-10-23 CVE-2015-5936 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.

6.8
2015-10-23 CVE-2015-5935 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.

6.8
2015-10-23 CVE-2015-5934 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933.

6.8
2015-10-23 CVE-2015-5933 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934.

6.8
2015-10-23 CVE-2015-5931 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Safari

WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.

6.8
2015-10-23 CVE-2015-5930 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

6.8
2015-10-23 CVE-2015-5929 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

6.8
2015-10-23 CVE-2015-5928 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

6.8
2015-10-23 CVE-2015-5927 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.

6.8
2015-10-23 CVE-2015-5926 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.

6.8
2015-10-23 CVE-2015-5925 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.

6.8
2015-10-23 CVE-2015-5924 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8
2015-10-23 CVE-2015-7005 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1.

6.8
2015-10-23 CVE-2015-6982 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1.

6.8
2015-10-23 CVE-2015-6981 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS

WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1.

6.8
2015-10-21 CVE-2015-4851 Oracle XML External Entity Injection vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input.

6.8
2015-10-21 CVE-2015-4849 Oracle XML External Entity Injection vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in.

6.8
2015-10-21 CVE-2015-4837 Oracle Local Security vulnerability in Oracle Solaris 11.2

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security.

6.6
2015-10-21 CVE-2015-4900 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5
2015-10-21 CVE-2015-4888 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4796.

6.5
2015-10-25 CVE-2015-1002 Ininet Solutions Unspecified vulnerability in Ininet Solutions Scada web Server

IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string.

6.4
2015-10-21 CVE-2015-4886 Oracle XML External Entity Injection vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Reports Security.

6.4
2015-10-21 CVE-2015-4827 Oracle Remote Security vulnerability in Oracle Retail Applications 3.0

Unspecified vulnerability in the Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Framework.

6.4
2015-10-21 CVE-2015-4806 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

6.4
2015-10-21 CVE-2015-4820 Oracle Local Security vulnerability in Oracle Solaris 11.2

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4907.

6.2
2015-10-21 CVE-2015-4817 Oracle Local Security vulnerability in Oracle Solaris 11.2

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver.

6.2
2015-10-21 CVE-2015-4887 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.2

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ePerformance.

6.0
2015-10-23 CVE-2015-7023 Apple Code vulnerability in Apple Iphone OS and mac OS X

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.

5.8
2015-10-21 CVE-2015-4871 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

5.8
2015-10-21 CVE-2015-4859 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4/12.1.0.5

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Agent Next Gen.

5.8
2015-10-21 CVE-2015-7823 Kentico Unspecified vulnerability in Kentico CMS 8.2

Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.

5.8
2015-10-23 CVE-2015-7020 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019.

5.6
2015-10-23 CVE-2015-7019 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020.

5.6
2015-10-21 CVE-2015-4857 Oracle Remote Security vulnerability in Oracle Database Server 12.1.0.1/12.1.0.2

Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2015-10-21 CVE-2015-4850 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.2

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management.

5.5
2015-10-21 CVE-2015-4818 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Core Technology.

5.5
2015-10-25 CVE-2015-6484 3S Smart Software Solutions NULL Pointer Dereference Remote Denial of Service vulnerability in CODESYS Gateway Server

3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request.

5.0
2015-10-25 CVE-2015-6341 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software 7.4.140.0/8.0.120.0

The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.

5.0
2015-10-25 CVE-2015-1003 Ininet Solutions Path Traversal vulnerability in Ininet Solutions Scada web Server

Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname.

5.0
2015-10-23 CVE-2015-7031 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server 5.0.14/5.0.2/5.0.3

The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.

5.0
2015-10-23 CVE-2015-6999 Apple 7PK - Security Features vulnerability in Apple Iphone OS

The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.

5.0
2015-10-22 CVE-2015-4916 Oracle Unspecified vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908.

5.0
2015-10-22 CVE-2015-4911 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.

5.0
2015-10-22 CVE-2015-4909 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.4.0/12.1.2.0.0/12.1.3.0.0

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect integrity via vectors related to ADF Faces.

5.0
2015-10-22 CVE-2015-4908 Oracle Unspecified vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916.

5.0
2015-10-22 CVE-2015-4906 Oracle Unspecified vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916.

5.0
2015-10-22 CVE-2015-4903 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI.

5.0
2015-10-21 CVE-2015-4896 Oracle
Debian
Remote Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.

5.0
2015-10-21 CVE-2015-4893 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911.

5.0
2015-10-21 CVE-2015-4884 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Single Signon.

5.0
2015-10-21 CVE-2015-4882 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA.

5.0
2015-10-21 CVE-2015-4875 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.5/12.1.0.6

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect availability via unknown vectors related to Agent Next Gen.

5.0
2015-10-21 CVE-2015-4872 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security.

5.0
2015-10-21 CVE-2015-4848 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Integration with Peoplesoft.

5.0
2015-10-21 CVE-2015-4842 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP.

5.0
2015-10-21 CVE-2015-4840 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D.

5.0
2015-10-21 CVE-2015-4803 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.

5.0
2015-10-21 CVE-2015-4734 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.

5.0
2015-10-21 CVE-2015-1829 Oracle Denial of Service vulnerability in IBM HTTP Server

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.

5.0
2015-10-21 CVE-2015-7822 Kentico Cross-site Scripting vulnerability in Kentico CMS 8.2

Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI.

5.0
2015-10-19 CVE-2015-7863 Accelerite 7PK - Security Features vulnerability in Accelerite Radia Client Automation

The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

5.0
2015-10-19 CVE-2015-7862 Accelerite Permissions, Privileges, and Access Controls vulnerability in Accelerite Radia Client Automation

Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors.

5.0
2015-10-19 CVE-2015-7750 Juniper Improper Input Validation vulnerability in Juniper Screenos 6.3.0

The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet.

5.0
2015-10-19 CVE-2015-7748 Juniper Improper Input Validation vulnerability in Juniper Junos

Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.

5.0
2015-10-21 CVE-2015-4894 Oracle Remote Security vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.3.0.2/12.1.0.0

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server 10.3.0.3, 11.3.0.2, and 12.1.0.0 allows remote authenticated users to affect integrity and availability via unknown vectors.

4.9
2015-10-21 CVE-2015-4869 Oracle Local Security vulnerability in Oracle Solaris 10/11.2

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel.

4.9
2015-10-21 CVE-2015-4856 Oracle Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unknown vectors related to Core.

4.9
2015-10-21 CVE-2015-4831 Oracle Local Security vulnerability in Oracle Solaris 11.2

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822.

4.9
2015-10-19 CVE-2015-7833 Novell
Redhat
Code vulnerability in multiple products

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.

4.9
2015-10-19 CVE-2015-7799 Linux Local Denial of Service vulnerability in Google Android 'PPP Character Device Driver'

The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.

4.9
2015-10-19 CVE-2015-6937 Linux
Canonical
Debian
Null Pointer Deference Denial of Service vulnerability in Linux Kernel

The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.

4.9
2015-10-19 CVE-2015-0275 Linux
Oracle
Code vulnerability in Linux Kernel

The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.

4.9
2015-10-22 CVE-2015-4907 Oracle Local Security vulnerability in Oracle Solaris 11.2

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4820.

4.6
2015-10-21 CVE-2015-4891 Oracle Local Security vulnerability in Oracle Solaris 11.2

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD.

4.6
2015-10-21 CVE-2015-4879 Oracle
Debian
Canonical
Mariadb
Redhat
Fedoraproject
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
4.6
2015-10-19 CVE-2015-5707 Linux
Canonical
Debian
Suse
Integer Overflow or Wraparound vulnerability in Linux Kernel

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.

4.6
2015-10-21 CVE-2015-2642 Oracle Local Security vulnerability in Oracle Solaris 10/11.2

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip.

4.4
2015-10-23 CVE-2015-5943 Apple 7PK - Security Features vulnerability in Apple mac OS X

SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app.

4.3
2015-10-23 CVE-2015-7022 Apple Information Exposure vulnerability in Apple Iphone OS

The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.

4.3
2015-10-23 CVE-2015-6997 Apple 7PK - Security Features vulnerability in Apple Iphone OS and Watchos

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.

4.3
2015-10-22 CVE-2015-4912 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.2/11.1.2.3

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via vectors related to SSO Engine.

4.3
2015-10-21 CVE-2015-4899 Oracle Remote Security vulnerability in Oracle Fusion Middleware 3.0.1/3.1.2

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.

4.3
2015-10-21 CVE-2015-4880 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4867.

4.3
2015-10-21 CVE-2015-4867 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4880.

4.3
2015-10-21 CVE-2015-4854 Oracle Cross-Site Scripting vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Single Signon.

4.3
2015-10-21 CVE-2015-4847 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OCI.

4.3
2015-10-21 CVE-2015-4845 Oracle User Enumeration vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Java APIs - AOL/J.

4.3
2015-10-21 CVE-2015-4841 Oracle Remote Security vulnerability in Oracle Siebel CRM Ip2014/Ip2015

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM IP2014 and IP2015 allows remote attackers to affect confidentiality via unknown vectors related to Services.

4.3
2015-10-21 CVE-2015-4832 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7/11.1.2.2/11.1.2.3

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM Legacy UI.

4.3
2015-10-21 CVE-2015-4799 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.1/11.1.1.8.0/7.6.2

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.1, and 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Security.

4.3
2015-10-21 CVE-2015-4793 Oracle Remote Security vulnerability in Oracle Communications Convergence

Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy.

4.3
2015-10-21 CVE-2015-4874 Oracle Local Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4/12.1.0.5

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen.

4.1
2015-10-22 CVE-2015-4905 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.

4.0
2015-10-22 CVE-2015-4904 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.

4.0
2015-10-21 CVE-2015-4898 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via vectors related to Diagnostics and DMZ.

4.0
2015-10-21 CVE-2015-4876 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Pivot Grid.

4.0
2015-10-21 CVE-2015-4870 Oracle
Opensuse
Mariadb
Canonical
Debian
Redhat
Fedoraproject
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
4.0
2015-10-21 CVE-2015-4866 Oracle
Mariadb
Canonical
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
4.0
2015-10-21 CVE-2015-4862 Oracle
Redhat
Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4.0
2015-10-21 CVE-2015-4858 Oracle
Opensuse
Mariadb
Canonical
Debian
Redhat
Fedoraproject
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
4.0
2015-10-21 CVE-2015-4838 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.4.0/12.1.2.0.0/12.1.3.0.0

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors related to ADF Faces.

4.0
2015-10-21 CVE-2015-4833 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

4.0
2015-10-21 CVE-2015-4830 Oracle
Mariadb
Canonical
Debian
Suse
Redhat
Opensuse
Fedoraproject
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
4.0
2015-10-21 CVE-2015-4828 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.2

Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via vectors related to FIN Resource Management (Security).

4.0
2015-10-21 CVE-2015-4826 Oracle
Opensuse
Mariadb
Canonical
Debian
Redhat
Fedoraproject
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
4.0
2015-10-21 CVE-2015-4816 Oracle
Mariadb
Canonical
Debian
Redhat
Fedoraproject
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
4.0
2015-10-21 CVE-2015-4815 Oracle
Opensuse
Mariadb
Canonical
Debian
Redhat
Fedoraproject
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
4.0
2015-10-21 CVE-2015-4804 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.2

Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Management component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

4.0
2015-10-21 CVE-2015-4800 Redhat
Oracle
Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4.0
2015-10-21 CVE-2015-4762 Oracle Remote Security vulnerability in Oracle E-Business Suite 12.2.3/12.2.4

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Online patching.

4.0
2015-10-21 CVE-2015-4730 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.

4.0
2015-10-21 CVE-2015-5954 Owncloud Unspecified vulnerability in Owncloud

The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder.

4.0

34 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-21 CVE-2015-4834 Oracle Local Security vulnerability in Oracle Solaris 11.2

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones.

3.7
2015-10-21 CVE-2015-4846 Oracle SQL Injection vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions.

3.6
2015-10-21 CVE-2015-2633 Oracle Remote Security vulnerability in Oracle Enterprise Manager

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center.

3.6
2015-10-22 CVE-2015-4917 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.4

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892.

3.5
2015-10-22 CVE-2015-4914 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener.

3.5
2015-10-22 CVE-2015-4913 Oracle
Opensuse
Redhat
Canonical
Debian
Fedoraproject
Mariadb
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
3.5
2015-10-21 CVE-2015-4895 Oracle
Mariadb
Fedoraproject
Debian
Canonical
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
3.5
2015-10-21 CVE-2015-4892 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.4

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4917.

3.5
2015-10-21 CVE-2015-4890 Redhat
Oracle
Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.

3.5
2015-10-21 CVE-2015-4864 Oracle
Canonical
Redhat
Mariadb
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
3.5
2015-10-21 CVE-2015-4861 Oracle
Opensuse
Redhat
Mariadb
Debian
Canonical
Fedoraproject
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
3.5
2015-10-21 CVE-2015-4825 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.2

Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Expense Report General.

3.5
2015-10-21 CVE-2015-4807 Oracle
Opensuse
Mariadb
Fedoraproject
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.
3.5
2015-10-21 CVE-2015-4797 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.3

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security.

3.5
2015-10-21 CVE-2015-4791 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

3.5
2015-10-21 CVE-2015-5953 Owncloud Cross-site Scripting vulnerability in Owncloud

Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.

3.5
2015-10-21 CVE-2015-4812 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.9

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module.

2.6
2015-10-25 CVE-2015-1005 Ininet Solutions Information Exposure vulnerability in Ininet Solutions Scada web Server

IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.

2.1
2015-10-23 CVE-2015-6987 Apple Improper Input Validation vulnerability in Apple mac OS X

The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder.

2.1
2015-10-23 CVE-2015-7000 Apple Information Exposure vulnerability in Apple Iphone OS

Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled.

2.1
2015-10-22 CVE-2015-4910 Oracle
Redhat
Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.

2.1
2015-10-21 CVE-2015-4865 Oracle Remote Security vulnerability in Oracle E-Business Suite 12.1.3/12.2.3/12.2.4

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to Business Objects - BC4J.

2.1
2015-10-21 CVE-2015-4824 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.4

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

2.1
2015-10-21 CVE-2015-4813 Oracle
Debian
Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.

2.1
2015-10-21 CVE-2015-4801 Oracle Local Security vulnerability in Oracle Solaris 11.2

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones.

2.1
2015-10-19 CVE-2015-6252 Linux Resource Management Errors vulnerability in Linux Kernel

The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.

2.1
2015-10-21 CVE-2015-4766 Oracle Local Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.

1.9
2015-10-21 CVE-2015-4792 Opensuse
Redhat
Oracle
Mariadb
Debian
Fedoraproject
Canonical
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
1.7
2015-10-21 CVE-2015-4878 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877.

1.5
2015-10-21 CVE-2015-4877 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878.

1.5
2015-10-21 CVE-2015-4811 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDKutside In PDF Export SDK, a different vulnerability than CVE-2015-4809.

1.5
2015-10-21 CVE-2015-4809 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811.

1.5
2015-10-21 CVE-2015-4823 Oracle Local Security vulnerability in Oracle Hyperion 11.1.2.3

Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deploy.

1.2
2015-10-21 CVE-2015-4822 Oracle Local Security vulnerability in Oracle Solaris 11.2

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831.

1.2