Weekly Vulnerabilities Reports > October 26 to November 1, 2015

Overview

94 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 53 products from 32 vendors including Cisco, IBM, XEN, Infinite Automation Systems, and Janitza. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Cross-site Scripting", "SQL Injection", and "Permissions, Privileges, and Access Controls".

  • 77 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 74 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Qolsys has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-28 CVE-2015-7649 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2015-10-28 CVE-2015-6490 Rockwellautomation Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware

Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2015-10-28 CVE-2015-3972 Janitza 7PK - Security Features vulnerability in Janitza products

The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.

10.0
2015-10-31 CVE-2015-6033 Qolsys Cryptographic Issues vulnerability in Qolsys IQ Panel

Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.

9.3
2015-10-31 CVE-2015-6032 Qolsys Credentials Management vulnerability in Qolsys IQ Panel

Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation.

9.3
2015-10-26 CVE-2015-5014 IBM Improper Input Validation vulnerability in IBM Cognos Disclosure Management

IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation.

9.3
2015-10-26 CVE-2015-7699 Owncloud Improper Input Validation vulnerability in Owncloud

The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."

9.0

14 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-28 CVE-2015-6492 Rockwellautomation Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.

7.8
2015-10-29 CVE-2015-7858 Joomla SQL Injection vulnerability in Joomla Joomla!

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.

7.5
2015-10-29 CVE-2015-7857 Joomla SQL Injection vulnerability in Joomla Joomla!

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.

7.5
2015-10-29 CVE-2015-7297 Joomla SQL Injection vulnerability in Joomla Joomla!

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.

7.5
2015-10-29 CVE-2015-6006 Medicomp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine 2.22.20153.223

The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190.

7.5
2015-10-29 CVE-2015-5668 Techno Project Japan SQL Injection vulnerability in Techno Project Japan Enisys GW

SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2015-10-29 CVE-2015-5040 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994.

7.5
2015-10-29 CVE-2015-4994 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040.

7.5
2015-10-28 CVE-2015-3971 Janitza Improper Access Control vulnerability in Janitza products

The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.

7.5
2015-10-28 CVE-2015-3968 Janitza Credentials Management vulnerability in Janitza products

The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21.

7.5
2015-10-27 CVE-2015-7986 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana 1.0/1.00

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.

7.5
2015-10-26 CVE-2015-6500 Owncloud Path Traversal vulnerability in Owncloud

Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a ..

7.5
2015-10-30 CVE-2015-7835 XEN Improper Input Validation vulnerability in XEN

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.

7.2
2015-10-26 CVE-2015-4974 IBM Command Injection vulnerability in IBM General Parallel File System and Spectrum Scale

IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.

7.2

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-28 CVE-2015-6034 Epson Permissions, Privileges, and Access Controls vulnerability in Epson Network Utility 4.10

EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file.

6.9
2015-10-30 CVE-2015-8030 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer

SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.

6.8
2015-10-30 CVE-2015-8029 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer

SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.

6.8
2015-10-30 CVE-2015-8028 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer

Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.

6.8
2015-10-29 CVE-2015-4997 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal 8.5.0.0

IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.

6.8
2015-10-29 CVE-2015-2901 Medicomp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine 2.22.20142.166

Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty function and (2) the GetProperty UdfCodeList function.

6.8
2015-10-29 CVE-2015-2900 Medicomp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine

The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190.

6.8
2015-10-29 CVE-2015-2899 Medicomp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine

Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet on port 8190.

6.8
2015-10-29 CVE-2015-2898 Medicomp Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Medicomp Medcin Engine

Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function.

6.8
2015-10-28 CVE-2015-6493 Infinite Automation Systems Cross-Site Request Forgery (CSRF) vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0

Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

6.8
2015-10-28 CVE-2015-3967 Janitza Cross-Site Request Forgery (CSRF) vulnerability in Janitza products

Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users.

6.8
2015-10-26 CVE-2015-7674 Canonical, Gnome, Opensuse Numeric Errors vulnerability in multiple products

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

6.8
2015-10-26 CVE-2015-7673 Opensuse, Gnome Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

6.8
2015-10-30 CVE-2015-6350 Cisco SQL Injection vulnerability in Cisco Prime Service Catalog 11.0Base

SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.

6.5
2015-10-30 CVE-2015-6345 Cisco SQL Injection vulnerability in Cisco Secure Access Control Server 5.7.0.15

SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.

6.5
2015-10-29 CVE-2015-5669 Techno Project Japan Arbitrary File Creation vulnerability in Enisys Gw

Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors.

6.5
2015-10-28 CVE-2015-7904 Infinite Automation Systems Unspecified vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.

6.5
2015-10-28 CVE-2015-7903 Infinite Automation Systems SQL Injection vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0

SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2015-10-28 CVE-2015-7901 Infinite Automation Systems OS Command Injection vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0

Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

6.5
2015-10-28 CVE-2015-6486 Rockwellautomation SQL Injection vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware

SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2015-10-26 CVE-2015-5288 Postgresql Information Exposure vulnerability in Postgresql

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

6.4
2015-10-26 CVE-2014-8242 Librsync Project Cryptographic Issues vulnerability in Librsync Project Librsync

librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.

5.8
2015-10-27 CVE-2015-5665 Lockon Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.

5.1
2015-10-26 CVE-2015-7298 Owncloud, QT

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate.

5.1
2015-10-31 CVE-2015-6343 Cisco Resource Management Errors vulnerability in Cisco IOS 15.5(3)M

The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.

5.0
2015-10-30 CVE-2015-6351 Cisco Improper Input Validation vulnerability in Cisco ASR 5000 Software 19.1.0.61559/19.2.0

Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781.

5.0
2015-10-29 CVE-2015-7899 Joomla Improper Access Control vulnerability in Joomla Joomla!

The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2015-10-29 CVE-2015-7859 Joomla Information Exposure vulnerability in Joomla Joomla!

The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2015-10-29 CVE-2015-5955 Owncloud Insufficiently Protected Credentials vulnerability in Owncloud

ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.

5.0
2015-10-29 CVE-2015-5285 Kallithea Unspecified vulnerability in Kallithea-Scm Kallithea 0.1/0.2

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

5.0
2015-10-29 CVE-2015-5671 Techno Project Japan Permissions, Privileges, and Access Controls vulnerability in Techno Project Japan Enisys GW

Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors.

5.0
2015-10-28 CVE-2014-8912 IBM Improper Access Control vulnerability in IBM Websphere Portal

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.

5.0
2015-10-28 CVE-2015-7902 Infinite Automation Systems Information Exposure vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.

5.0
2015-10-28 CVE-2015-7873 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.

5.0
2015-10-28 CVE-2015-5713 Tibco Information Exposure vulnerability in Tibco products

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL.

5.0
2015-10-28 CVE-2015-3973 Janitza 7PK - Security Features vulnerability in Janitza products

Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values.

5.0
2015-10-28 CVE-2015-3969 Janitza Information Exposure vulnerability in Janitza products

Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235.

5.0
2015-10-27 CVE-2015-6340 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Software 19.0.M0.60737

The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280.

5.0
2015-10-26 CVE-2015-5223 Openstack Information Exposure vulnerability in Openstack Swift

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

5.0
2015-10-30 CVE-2015-7970 XEN Resource Management Errors vulnerability in XEN

The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand.

4.9
2015-10-30 CVE-2015-7969 XEN Resource Management Errors vulnerability in XEN

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.

4.9
2015-10-30 CVE-2015-7814 XEN Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN

Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.

4.7
2015-10-26 CVE-2015-4625 Fedoraproject, Opensuse, Polkit Project Numeric Errors vulnerability in multiple products

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

4.6
2015-10-26 CVE-2015-3256 Polkit Project, Opensuse Permissions, Privileges, and Access Controls vulnerability in multiple products

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."

4.6
2015-10-26 CVE-2015-3255 Polkit Project Permissions, Privileges, and Access Controls vulnerability in Polkit Project Polkit

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

4.6
2015-10-30 CVE-2015-6352 Cisco Information Exposure vulnerability in Cisco products

Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891.

4.3
2015-10-30 CVE-2015-6349 Cisco Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15

Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-10-30 CVE-2015-6346 Cisco Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15

Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-10-29 CVE-2015-5670 Techno Project Japan Cross-site Scripting vulnerability in Techno Project Japan Enisys GW

Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-10-28 CVE-2015-7900 Infinite Automation Systems Information Exposure vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.

4.3
2015-10-28 CVE-2015-6488 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware

Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-10-28 CVE-2015-3970 Janitza Cross-site Scripting vulnerability in Janitza products

Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-10-27 CVE-2015-3996 Afnetworking Project 7PK - Security Features vulnerability in Afnetworking Project Afnetworking 2.5.2

The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

4.3
2015-10-30 CVE-2015-6348 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.

4.0
2015-10-30 CVE-2015-6347 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15

The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.

4.0
2015-10-30 CVE-2015-6344 Cisco Information Exposure vulnerability in Cisco ASA CX Context-Aware Security Software 9.3.4.1.11

The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.

4.0
2015-10-28 CVE-2015-6491 Rockwellautomation Unspecified vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors.

4.0
2015-10-28 CVE-2015-5712 Tibco Information Exposure vulnerability in Tibco products

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL.

4.0
2015-10-26 CVE-2015-6670 Owncloud Unauthorized Access vulnerability in ownCloud

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

4.0

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-10-31 CVE-2015-6354 Cisco Cross-site Scripting vulnerability in Cisco Firesight System Software 5.4.1.3/6.0.0

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.

3.5
2015-10-31 CVE-2015-6353 Cisco Cross-site Scripting vulnerability in Cisco Firesight System Software

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.

3.5
2015-10-28 CVE-2015-6494 Infinite Automation Systems Cross-site Scripting vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0

Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2015-10-26 CVE-2015-7881 Colorbox Project Improper Access Control vulnerability in Colorbox Project Colorbox

The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.

3.5
2015-10-28 CVE-2015-7836 Siemens Information Exposure vulnerability in Siemens Ruggedcom Rugged Operating System

Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.

3.3
2015-10-26 CVE-2015-5011 IBM Command Injection vulnerability in IBM Integration BUS and Websphere Message Broker

IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command.

3.2
2015-10-31 CVE-2015-5667 Html Scrubber Project Cross-site Scripting vulnerability in Html-Scrubber Project Html-Scrubber 0.14

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.

2.6
2015-10-26 CVE-2015-4456 Owncloud Certificate Validation Security Bypass vulnerability in ownCloud Desktop Client

ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.

2.6
2015-10-30 CVE-2015-7972 XEN Resource Management Errors vulnerability in XEN

The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure."

2.1
2015-10-30 CVE-2015-7971 XEN Data Processing Errors vulnerability in XEN

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.

2.1
2015-10-30 CVE-2015-7813 XEN Resource Management Errors vulnerability in XEN

Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c.

2.1
2015-10-26 CVE-2015-3218 Polkit Project Local Denial of Service vulnerability in polkit

The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.

2.1
2015-10-26 CVE-2015-5448 Numara Information Exposure vulnerability in Numara Asset Manager 9.40/9.41

HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors.

2.1
2015-10-26 CVE-2015-4981 IBM Information Exposure vulnerability in IBM General Parallel File System and Spectrum Scale

IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.

2.1