Weekly Vulnerabilities Reports > October 26 to November 1, 2015
Overview
94 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 53 products from 32 vendors including Cisco, IBM, XEN, Infinite Automation Systems, and Janitza. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Cross-site Scripting", "SQL Injection", and "Permissions, Privileges, and Access Controls".
- 77 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 74 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 13 reported vulnerabilities.
- Qolsys has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-28 | CVE-2015-7649 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
2015-10-28 | CVE-2015-6490 | Rockwellautomation | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2015-10-28 | CVE-2015-3972 | Janitza | 7PK - Security Features vulnerability in Janitza products The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack. | 10.0 |
2015-10-31 | CVE-2015-6033 | Qolsys | Cryptographic Issues vulnerability in Qolsys IQ Panel Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update. | 9.3 |
2015-10-31 | CVE-2015-6032 | Qolsys | Credentials Management vulnerability in Qolsys IQ Panel Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation. | 9.3 |
2015-10-26 | CVE-2015-5014 | IBM | Improper Input Validation vulnerability in IBM Cognos Disclosure Management IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation. | 9.3 |
2015-10-26 | CVE-2015-7699 | Owncloud | Improper Input Validation vulnerability in Owncloud The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore." | 9.0 |
14 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-28 | CVE-2015-6492 | Rockwellautomation | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. | 7.8 |
2015-10-29 | CVE-2015-7858 | Joomla | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | 7.5 |
2015-10-29 | CVE-2015-7857 | Joomla | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. | 7.5 |
2015-10-29 | CVE-2015-7297 | Joomla | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | 7.5 |
2015-10-29 | CVE-2015-6006 | Medicomp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine 2.22.20153.223 The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190. | 7.5 |
2015-10-29 | CVE-2015-5668 | Techno Project Japan | SQL Injection vulnerability in Techno Project Japan Enisys GW SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2015-10-29 | CVE-2015-5040 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994. | 7.5 |
2015-10-29 | CVE-2015-4994 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040. | 7.5 |
2015-10-28 | CVE-2015-3971 | Janitza | Improper Access Control vulnerability in Janitza products The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239. | 7.5 |
2015-10-28 | CVE-2015-3968 | Janitza | Credentials Management vulnerability in Janitza products The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. | 7.5 |
2015-10-27 | CVE-2015-7986 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana 1.0/1.00 The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. | 7.5 |
2015-10-26 | CVE-2015-6500 | Owncloud | Path Traversal vulnerability in Owncloud Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. | 7.5 |
2015-10-30 | CVE-2015-7835 | XEN | Improper Input Validation vulnerability in XEN The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | 7.2 |
2015-10-26 | CVE-2015-4974 | IBM | Command Injection vulnerability in IBM General Parallel File System and Spectrum Scale IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. | 7.2 |
59 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-28 | CVE-2015-6034 | Epson | Permissions, Privileges, and Access Controls vulnerability in Epson Network Utility 4.10 EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | 6.9 |
2015-10-30 | CVE-2015-8030 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities. | 6.8 |
2015-10-30 | CVE-2015-8029 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption. | 6.8 |
2015-10-30 | CVE-2015-8028 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | 6.8 |
2015-10-29 | CVE-2015-4997 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal 8.5.0.0 IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. | 6.8 |
2015-10-29 | CVE-2015-2901 | Medicomp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine 2.22.20142.166 Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty function and (2) the GetProperty UdfCodeList function. | 6.8 |
2015-10-29 | CVE-2015-2900 | Medicomp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190. | 6.8 |
2015-10-29 | CVE-2015-2899 | Medicomp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet on port 8190. | 6.8 |
2015-10-29 | CVE-2015-2898 | Medicomp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function. | 6.8 |
2015-10-28 | CVE-2015-6493 | Infinite Automation Systems | Cross-Site Request Forgery (CSRF) vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2015-10-28 | CVE-2015-3967 | Janitza | Cross-Site Request Forgery (CSRF) vulnerability in Janitza products Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2015-10-26 | CVE-2015-7674 | Canonical Gnome Opensuse | Numeric Errors vulnerability in multiple products Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. | 6.8 |
2015-10-26 | CVE-2015-7673 | Opensuse Gnome | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. | 6.8 |
2015-10-30 | CVE-2015-6350 | Cisco | SQL Injection vulnerability in Cisco Prime Service Catalog 11.0Base SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | 6.5 |
2015-10-30 | CVE-2015-6345 | Cisco | SQL Injection vulnerability in Cisco Secure Access Control Server 5.7.0.15 SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. | 6.5 |
2015-10-29 | CVE-2015-5669 | Techno Project Japan | Arbitrary File Creation vulnerability in Enisys Gw Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. | 6.5 |
2015-10-28 | CVE-2015-7904 | Infinite Automation Systems | Unspecified vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. | 6.5 |
2015-10-28 | CVE-2015-7903 | Infinite Automation Systems | SQL Injection vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-28 | CVE-2015-7901 | Infinite Automation Systems | OS Command Injection vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 6.5 |
2015-10-28 | CVE-2015-6486 | Rockwellautomation | SQL Injection vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-26 | CVE-2015-5288 | Postgresql | Information Exposure vulnerability in Postgresql The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. | 6.4 |
2015-10-26 | CVE-2014-8242 | Librsync Project | Cryptographic Issues vulnerability in Librsync Project Librsync librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. | 5.8 |
2015-10-27 | CVE-2015-5665 | Lockon | Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function. | 5.1 |
2015-10-26 | CVE-2015-7298 | Owncloud QT | ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. | 5.1 |
2015-10-31 | CVE-2015-6343 | Cisco | Resource Management Errors vulnerability in Cisco IOS 15.5(3)M The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. | 5.0 |
2015-10-30 | CVE-2015-6351 | Cisco | Improper Input Validation vulnerability in Cisco ASR 5000 Software 19.1.0.61559/19.2.0 Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. | 5.0 |
2015-10-29 | CVE-2015-7899 | Joomla | Improper Access Control vulnerability in Joomla Joomla! The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2015-10-29 | CVE-2015-7859 | Joomla | Information Exposure vulnerability in Joomla Joomla! The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2015-10-29 | CVE-2015-5955 | Owncloud | Insufficiently Protected Credentials vulnerability in Owncloud ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. | 5.0 |
2015-10-29 | CVE-2015-5285 | Kallithea | Unspecified vulnerability in Kallithea-Scm Kallithea 0.1/0.2 CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. | 5.0 |
2015-10-29 | CVE-2015-5671 | Techno Project Japan | Permissions, Privileges, and Access Controls vulnerability in Techno Project Japan Enisys GW Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. | 5.0 |
2015-10-28 | CVE-2014-8912 | IBM | Improper Access Control vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. | 5.0 |
2015-10-28 | CVE-2015-7902 | Infinite Automation Systems | Information Exposure vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests. | 5.0 |
2015-10-28 | CVE-2015-7873 | Phpmyadmin | 7PK - Security Features vulnerability in PHPmyadmin The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. | 5.0 |
2015-10-28 | CVE-2015-5713 | Tibco | Information Exposure vulnerability in Tibco products Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL. | 5.0 |
2015-10-28 | CVE-2015-3973 | Janitza | 7PK - Security Features vulnerability in Janitza products Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values. | 5.0 |
2015-10-28 | CVE-2015-3969 | Janitza | Information Exposure vulnerability in Janitza products Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. | 5.0 |
2015-10-27 | CVE-2015-6340 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Software 19.0.M0.60737 The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280. | 5.0 |
2015-10-26 | CVE-2015-5223 | Openstack | Information Exposure vulnerability in Openstack Swift OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. | 5.0 |
2015-10-30 | CVE-2015-7970 | XEN | Resource Management Errors vulnerability in XEN The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand. | 4.9 |
2015-10-30 | CVE-2015-7969 | XEN | Resource Management Errors vulnerability in XEN Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. | 4.9 |
2015-10-30 | CVE-2015-7814 | XEN | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. | 4.7 |
2015-10-26 | CVE-2015-4625 | Fedoraproject Opensuse Polkit Project | Numeric Errors vulnerability in multiple products Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. | 4.6 |
2015-10-26 | CVE-2015-3256 | Polkit Project Opensuse | Permissions, Privileges, and Access Controls vulnerability in multiple products PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." | 4.6 |
2015-10-26 | CVE-2015-3255 | Polkit Project | Permissions, Privileges, and Access Controls vulnerability in Polkit Project Polkit The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. | 4.6 |
2015-10-30 | CVE-2015-6352 | Cisco | Information Exposure vulnerability in Cisco products Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. | 4.3 |
2015-10-30 | CVE-2015-6349 | Cisco | Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15 Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-10-30 | CVE-2015-6346 | Cisco | Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15 Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-10-29 | CVE-2015-5670 | Techno Project Japan | Cross-site Scripting vulnerability in Techno Project Japan Enisys GW Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-10-28 | CVE-2015-7900 | Infinite Automation Systems | Information Exposure vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page. | 4.3 |
2015-10-28 | CVE-2015-6488 | Rockwellautomation | Cross-site Scripting vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-10-28 | CVE-2015-3970 | Janitza | Cross-site Scripting vulnerability in Janitza products Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-10-27 | CVE-2015-3996 | Afnetworking Project | 7PK - Security Features vulnerability in Afnetworking Project Afnetworking 2.5.2 The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 4.3 |
2015-10-30 | CVE-2015-6348 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15 The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. | 4.0 |
2015-10-30 | CVE-2015-6347 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15 The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. | 4.0 |
2015-10-30 | CVE-2015-6344 | Cisco | Information Exposure vulnerability in Cisco ASA CX Context-Aware Security Software 9.3.4.1.11 The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105. | 4.0 |
2015-10-28 | CVE-2015-6491 | Rockwellautomation | Unspecified vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. | 4.0 |
2015-10-28 | CVE-2015-5712 | Tibco | Information Exposure vulnerability in Tibco products Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL. | 4.0 |
2015-10-26 | CVE-2015-6670 | Owncloud | Unauthorized Access vulnerability in ownCloud ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php. | 4.0 |
14 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-31 | CVE-2015-6354 | Cisco | Cross-site Scripting vulnerability in Cisco Firesight System Software 5.4.1.3/6.0.0 Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338. | 3.5 |
2015-10-31 | CVE-2015-6353 | Cisco | Cross-site Scripting vulnerability in Cisco Firesight System Software Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922. | 3.5 |
2015-10-28 | CVE-2015-6494 | Infinite Automation Systems | Cross-site Scripting vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2015-10-26 | CVE-2015-7881 | Colorbox Project | Improper Access Control vulnerability in Colorbox Project Colorbox The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment. | 3.5 |
2015-10-28 | CVE-2015-7836 | Siemens | Information Exposure vulnerability in Siemens Ruggedcom Rugged Operating System Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. | 3.3 |
2015-10-26 | CVE-2015-5011 | IBM | Command Injection vulnerability in IBM Integration BUS and Websphere Message Broker IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | 3.2 |
2015-10-31 | CVE-2015-5667 | Html Scrubber Project | Cross-site Scripting vulnerability in Html-Scrubber Project Html-Scrubber 0.14 Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment. | 2.6 |
2015-10-26 | CVE-2015-4456 | Owncloud | Certificate Validation Security Bypass vulnerability in ownCloud Desktop Client ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate. | 2.6 |
2015-10-30 | CVE-2015-7972 | XEN | Resource Management Errors vulnerability in XEN The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure." | 2.1 |
2015-10-30 | CVE-2015-7971 | XEN | Data Processing Errors vulnerability in XEN Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. | 2.1 |
2015-10-30 | CVE-2015-7813 | XEN | Resource Management Errors vulnerability in XEN Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c. | 2.1 |
2015-10-26 | CVE-2015-3218 | Polkit Project | Local Denial of Service vulnerability in polkit The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. | 2.1 |
2015-10-26 | CVE-2015-5448 | Numara | Information Exposure vulnerability in Numara Asset Manager 9.40/9.41 HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. | 2.1 |
2015-10-26 | CVE-2015-4981 | IBM | Information Exposure vulnerability in IBM General Parallel File System and Spectrum Scale IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors. | 2.1 |