Weekly Vulnerabilities Reports > November 2 to 8, 2015

Overview

103 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary reports vulnerabilities in 125 products from 40 vendors including Mozilla, IBM, Google, Cisco, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Resource Management Errors".

  • 93 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 19 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 89 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 23 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-11-07 CVE-2015-6476 Advantech Hardcoded Credentials Security Bypass vulnerability in Multiple Advantech EKI Products

Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.

10.0
2015-11-06 CVE-2015-5672 Typemoon OS Command Injection vulnerability in Typemoon products

TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.

10.0
2015-11-04 CVE-2015-7253 Commvault OS Command Injection vulnerability in Commvault Edge Server 10

The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.

10.0
2015-11-03 CVE-2015-8073 Google Buffer Errors vulnerability in Google Android 4.4/5.1

mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072.

10.0
2015-11-03 CVE-2015-8072 Google Buffer Errors vulnerability in Google Android 4.4/5.1

mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073.

10.0
2015-11-03 CVE-2015-6610 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.

10.0
2015-11-03 CVE-2015-6609 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.

10.0
2015-11-03 CVE-2015-6608 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073.

10.0
2015-11-03 CVE-2015-6612 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.

9.3
2015-11-06 CVE-2015-7394 F5 Permissions, Privileges, and Access Controls vulnerability in F5 products

The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code.

9.0
2015-11-06 CVE-2015-6298 Cisco OS Command Injection vulnerability in Cisco web Security Appliance 8.5.0497

The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.

9.0

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-11-08 CVE-2015-5005 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Powerha System Mirror

CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list.

8.5
2015-11-06 CVE-2015-6292 Cisco Resource Management Errors vulnerability in Cisco web Security Appliance

The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922.

7.8
2015-11-06 CVE-2015-6321 Cisco Resource Management Errors vulnerability in Cisco products

Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795.

7.8
2015-11-06 CVE-2015-6293 Cisco Resource Management Errors vulnerability in Cisco web Security Appliance

Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155.

7.8
2015-11-06 CVE-2015-6291 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance

Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.

7.8
2015-11-02 CVE-2015-5470 Powerdns Resource Management Errors vulnerability in Powerdns Authoritative and Recursor

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself.

7.8
2015-11-08 CVE-2015-4963 IBM Code vulnerability in IBM Security Access Manager for web

IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.

7.5
2015-11-06 CVE-2015-8082 Login Disable Project Code vulnerability in Login Disable Project Login Disable 6.X1.0/7.X1.0/7.X1.1

The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules.

7.5
2015-11-05 CVE-2015-7200 Mozilla Code vulnerability in Mozilla Firefox and Firefox ESR

The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.

7.5
2015-11-05 CVE-2015-7199 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.

7.5
2015-11-05 CVE-2015-7198 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.

7.5
2015-11-05 CVE-2015-7194 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.

7.5
2015-11-05 CVE-2015-7193 Mozilla 7PK - Security Features vulnerability in Mozilla Firefox and Firefox ESR

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

7.5
2015-11-05 CVE-2015-7192 Mozilla, Apple Code vulnerability in Mozilla Firefox

The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index.

7.5
2015-11-05 CVE-2015-7188 Mozilla 7PK - Security Features vulnerability in Mozilla Firefox and Firefox ESR

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.

7.5
2015-11-05 CVE-2015-7183 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Firefox ESR and Network Security Services

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

7.5
2015-11-05 CVE-2015-7182 Oracle, Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

7.5
2015-11-05 CVE-2015-7181 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Firefox ESR and Network Security Services

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.

7.5
2015-11-05 CVE-2015-4514 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5
2015-11-05 CVE-2015-4513 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5
2015-11-04 CVE-2015-7244 Mobatek Improper Access Control vulnerability in Mobatek Mobaxterm 2.2/8.2

The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.

7.5
2015-11-04 CVE-2015-6867 HP Improper Access Control vulnerability in HP Vertica 7.1.1

The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.

7.5
2015-11-02 CVE-2015-5308 WP Championship Project SQL Injection vulnerability in Wp-Championship Project Wp-Championship 5.8

Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter.

7.5
2015-11-08 CVE-2015-5043 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Security Guardium

diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences.

7.2
2015-11-06 CVE-2015-5225 Redhat, Fedoraproject, Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.

7.2
2015-11-04 CVE-2015-6030 HP, Microfocus Permissions, Privileges, and Access Controls vulnerability in multiple products

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

7.2
2015-11-04 CVE-2015-4927 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager

The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.

7.2

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-11-06 CVE-2015-4282 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Mobility Services Engine

Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.

6.9
2015-11-04 CVE-2015-2903 HP Unspecified vulnerability in HP Arcsight Smartconnectors

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.

6.9
2015-11-08 CVE-2015-1997 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Qradar Incident Forensics

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2015-11-06 CVE-2015-7809 Symfony Permissions, Privileges, and Access Controls vulnerability in Symfony Twig

The displayBlock function in Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.

6.8
2015-11-06 CVE-2015-7696 Canonical, Debian, Unzip Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.

6.8
2015-11-05 CVE-2015-7196 Mozilla Code vulnerability in Mozilla Firefox and Firefox ESR

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.

6.8
2015-11-05 CVE-2015-7189 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.

6.8
2015-11-04 CVE-2015-7650 Adobe, Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted CMAP table in a PDF document, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622.

6.8
2015-11-04 CVE-2015-2902 HP Cryptographic Issues vulnerability in HP Arcsight Smartconnectors

HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.

6.8
2015-11-02 CVE-2015-8040 Samsung Improper Input Validation vulnerability in Samsung Smartviewer

The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value.

6.8
2015-11-02 CVE-2015-8039 Samsung Remote Code Execution vulnerability in Samsung SmartViewer

Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.

6.8
2015-11-02 CVE-2015-8036 ARM, Polarssl, Debian, Fedoraproject, Opensuse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session.

6.8
2015-11-02 CVE-2015-6031 Miniupnp Project, Debian, Canonical, Opensuse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

6.8
2015-11-02 CVE-2015-5534 Oxwall Cross-Site Request Forgery (CSRF) vulnerability in Oxwall

Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.

6.8
2015-11-02 CVE-2015-5291 ARM, Polarssl, Debian, Fedoraproject, Opensuse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message.

6.8
2015-11-08 CVE-2015-4966 IBM Credentials Management vulnerability in IBM products

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors.

6.5
2015-11-08 CVE-2015-1989 IBM SQL Injection vulnerability in IBM Security Qradar Incident Forensics

SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2015-11-06 CVE-2015-6316 Cisco Credentials Management vulnerability in Cisco Mobility Services Engine

The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.

6.5
2015-11-04 CVE-2015-5673 Isucon OS Command Injection vulnerability in Isucon 5 Qualifier Eventapp

eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.

6.5
2015-11-02 CVE-2015-3270 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Ambari

Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.

6.5
2015-11-06 CVE-2015-5305 Redhat Path Traversal vulnerability in Redhat Openshift 3.0

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.

6.4
2015-11-06 CVE-2015-6546 F5 Improper Input Validation vulnerability in F5 products

The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic."

6.1
2015-11-03 CVE-2015-6614 Google Permissions, Privileges, and Access Controls vulnerability in Google Android 5.0/5.1

Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug 21900139.

5.8
2015-11-02 CVE-2015-5210 Apache Unspecified vulnerability in Apache Ambari

Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.

5.8
2015-11-08 CVE-2015-5019 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Sterling B2B Integrator and Sterling Integrator

IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement.

5.5
2015-11-04 CVE-2015-5021 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server 11.3/11.5

IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors.

5.5
2015-11-02 CVE-2015-1775 Apache Server Side Request Forgery Security Bypass vulnerability in Apache Ambari

Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.

5.5
2015-11-03 CVE-2015-6613 Google Command Injection vulnerability in Google Android

Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736.

5.1
2015-11-08 CVE-2015-5015 IBM Information Exposure vulnerability in IBM Websphere Commerce Enterprise

IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL.

5.0
2015-11-08 CVE-2015-1999 IBM Information Exposure vulnerability in IBM Security Qradar Incident Forensics

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

5.0
2015-11-08 CVE-2015-1994 IBM Information Exposure vulnerability in IBM Security Qradar Incident Forensics

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5.0
2015-11-08 CVE-2015-1993 IBM Unspecified vulnerability in IBM Security Qradar Incident Forensics

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

5.0
2015-11-07 CVE-2015-7254 Huawei Path Traversal vulnerability in Huawei Hg532E, Hg532N and Hg532S

Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a ..

5.0
2015-11-06 CVE-2015-8081 Field AS Block Project Information Exposure vulnerability in Field AS Block Project Field AS Block

The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block.

5.0
2015-11-06 CVE-2015-7763 Openafs Information Exposure vulnerability in Openafs

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

5.0
2015-11-06 CVE-2015-7762 Openafs, Debian Information Exposure vulnerability in multiple products

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

5.0
2015-11-06 CVE-2015-6855 Qemu, Debian, Fedoraproject, Suse, Canonical Divide BY Zero vulnerability in multiple products

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

5.0
2015-11-06 CVE-2015-7770 Dell Improper Input Validation vulnerability in Dell Sonicwall Totalsecure TZ 100 Firmware

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet.

5.0
2015-11-05 CVE-2015-7197 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Firefox ESR

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.

5.0
2015-11-05 CVE-2015-7195 Mozilla Information Exposure vulnerability in Mozilla Firefox

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.

5.0
2015-11-05 CVE-2015-7190 Mozilla
Google
Information Exposure vulnerability in Mozilla Firefox

The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application.

5.0
2015-11-04 CVE-2015-6355 Cisco Information Exposure vulnerability in Cisco Unified Computing System 2.2(5B)A

The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.

5.0
2015-11-04 CVE-2015-6029 HP 7PK - Security Features vulnerability in HP Arcsight Logger 6.0.0.7307.1

HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.

5.0
2015-11-03 CVE-2015-8074 Google Information Exposure vulnerability in Google Android

mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.

5.0
2015-11-03 CVE-2015-6611 Google Information Exposure vulnerability in Google Android

mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074.

5.0
2015-11-08 CVE-2015-4928 Apache
IBM
Information Exposure vulnerability in Apache Ambari

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields.

4.3
2015-11-08 CVE-2015-2017 IBM HTTP Response Splitting vulnerability in Multiple IBM Products

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

4.3
2015-11-08 CVE-2015-1995 IBM Cross-Site Scripting vulnerability in IBM Security Qradar Incident Forensics

Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-11-06 CVE-2015-7697 Canonical
Debian
Unzip Project
Resource Management Errors vulnerability in multiple products

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.

4.3
2015-11-05 CVE-2015-7191 Mozilla
Google
Cross-Site Scripting vulnerability in Mozilla Firefox

Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)."

4.3
2015-11-05 CVE-2015-7187 Mozilla 7PK - Security Features vulnerability in Mozilla Firefox

The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.

4.3
2015-11-05 CVE-2015-7186 Mozilla
Google
Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document.

4.3
2015-11-05 CVE-2015-7185 Mozilla
Google
7PK - Security Features vulnerability in Mozilla Firefox

Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.

4.3
2015-11-05 CVE-2015-4518 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.

4.3
2015-11-05 CVE-2015-4515 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.

4.3
2015-11-04 CVE-2015-6356 Cisco Cross-Site Scripting vulnerability in Cisco Socialminer 10.0(1)

Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.

4.3
2015-11-02 CVE-2015-8038 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortimanager Firmware

Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.

4.3
2015-11-02 CVE-2015-8037 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortimanager Firmware

Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory.

4.3
2015-11-08 CVE-2015-7395 IBM Improper Access Control vulnerability in IBM products

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.

4.0
2015-11-06 CVE-2014-9749 Squid Cache
Opensuse
Permissions, Privileges, and Access Controls vulnerability in multiple products

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-11-02 CVE-2015-3186 Apache Cross-Site Scripting vulnerability in Apache Ambari

Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.

3.5
2015-11-08 CVE-2015-5044 IBM Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager

The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 Patch 11 IF3 and 7.2.x before 7.2.5 Patch 4 IF3 allows remote attackers to cause a denial of service via unspecified packets.

3.3
2015-11-08 CVE-2015-7412 IBM Information Exposure vulnerability in IBM Datapower Gateway

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack.

2.6
2015-11-08 CVE-2015-4940 Apache
IBM
Information Exposure vulnerability in Apache Ambari

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file.

2.1
2015-11-08 CVE-2015-1996 IBM Information Exposure vulnerability in IBM Security Qradar Incident Forensics

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.

2.1