Weekly Vulnerabilities Reports > November 2 to 8, 2015
Overview
101 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary reports vulnerabilities in 122 products from 39 vendors including Mozilla, IBM, Google, Cisco, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Resource Management Errors".
- 92 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 87 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 23 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
11 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-11-07 | CVE-2015-6476 | Advantech | Hardcoded Credentials Security Bypass vulnerability in Multiple Advantech EKI Products Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session. | 10.0 |
2015-11-06 | CVE-2015-5672 | Typemoon | OS Command Injection vulnerability in Typemoon products TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data. | 10.0 |
2015-11-04 | CVE-2015-7253 | Commvault | OS Command Injection vulnerability in Commvault Edge Server 10 The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie. | 10.0 |
2015-11-03 | CVE-2015-8073 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 4.4/5.1 mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072. | 10.0 |
2015-11-03 | CVE-2015-8072 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 4.4/5.1 mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073. | 10.0 |
2015-11-03 | CVE-2015-6610 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088. | 10.0 |
2015-11-03 | CVE-2015-6609 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. | 10.0 |
2015-11-03 | CVE-2015-6608 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. | 10.0 |
2015-11-03 | CVE-2015-6612 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. | 9.3 |
2015-11-06 | CVE-2015-7394 | F5 | Permissions, Privileges, and Access Controls vulnerability in F5 products The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code. | 9.0 |
2015-11-06 | CVE-2015-6298 | Cisco | OS Command Injection vulnerability in Cisco web Security Appliance 8.5.0497 The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | 9.0 |
26 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-11-08 | CVE-2015-5005 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Powerha System Mirror CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list. | 8.5 |
2015-11-06 | CVE-2015-6292 | Cisco | Resource Management Errors vulnerability in Cisco web Security Appliance The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922. | 7.8 |
2015-11-06 | CVE-2015-6321 | Cisco | Resource Management Errors vulnerability in Cisco products Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795. | 7.8 |
2015-11-06 | CVE-2015-6293 | Cisco | Resource Management Errors vulnerability in Cisco web Security Appliance Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155. | 7.8 |
2015-11-06 | CVE-2015-6291 | Cisco | Improper Input Validation vulnerability in Cisco Email Security Appliance Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151. | 7.8 |
2015-11-02 | CVE-2015-5470 | Powerdns | Resource Management Errors vulnerability in Powerdns Authoritative and Recursor The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. | 7.8 |
2015-11-08 | CVE-2015-4963 | IBM | Code vulnerability in IBM Security Access Manager for web IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | 7.5 |
2015-11-06 | CVE-2015-8082 | Login Disable Project | Code vulnerability in Login Disable Project Login Disable 6.X1.0/7.X1.0/7.X1.1 The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules. | 7.5 |
2015-11-05 | CVE-2015-7200 | Mozilla | Code vulnerability in Mozilla Firefox and Firefox ESR The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. | 7.5 |
2015-11-05 | CVE-2015-7199 | Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. | 7.5 |
2015-11-05 | CVE-2015-7198 | Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. | 7.5 |
2015-11-05 | CVE-2015-7194 | Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. | 7.5 |
2015-11-05 | CVE-2015-7193 | Mozilla | 7PK - Security Features vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. | 7.5 |
2015-11-05 | CVE-2015-7192 | Mozilla Apple | Code vulnerability in Mozilla Firefox The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. | 7.5 |
2015-11-05 | CVE-2015-7188 | Mozilla | 7PK - Security Features vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. | 7.5 |
2015-11-05 | CVE-2015-7183 | Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Network Security Services Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 7.5 |
2015-11-05 | CVE-2015-7182 | Oracle Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. | 7.5 |
2015-11-05 | CVE-2015-7181 | Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Network Security Services The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. | 7.5 |
2015-11-05 | CVE-2015-4514 | Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 7.5 |
2015-11-05 | CVE-2015-4513 | Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 7.5 |
2015-11-04 | CVE-2015-7244 | Mobatek | Improper Access Control vulnerability in Mobatek Mobaxterm 2.2/8.2 The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets. | 7.5 |
2015-11-04 | CVE-2015-6867 | HP | Improper Access Control vulnerability in HP Vertica 7.1.1 The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | 7.5 |
2015-11-02 | CVE-2015-5308 | WP Championship Project | SQL Injection vulnerability in Wp-Championship Project Wp-Championship 5.8 Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter. | 7.5 |
2015-11-08 | CVE-2015-5043 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Security Guardium diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences. | 7.2 |
2015-11-04 | CVE-2015-6030 | HP Microfocus | Permissions, Privileges, and Access Controls vulnerability in multiple products HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. | 7.2 |
2015-11-04 | CVE-2015-4927 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file. | 7.2 |
59 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-11-06 | CVE-2015-4282 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Mobility Services Engine Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504. | 6.9 |
2015-11-04 | CVE-2015-2903 | HP | Unspecified vulnerability in HP Arcsight Smartconnectors The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password. | 6.9 |
2015-11-08 | CVE-2015-1997 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Qradar Incident Forensics Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
2015-11-06 | CVE-2015-7809 | Symfony | Permissions, Privileges, and Access Controls vulnerability in Symfony Twig The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. | 6.8 |
2015-11-06 | CVE-2015-7696 | Canonical Debian Unzip Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. | 6.8 |
2015-11-05 | CVE-2015-7196 | Mozilla | Code vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. | 6.8 |
2015-11-05 | CVE-2015-7189 | Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. | 6.8 |
2015-11-04 | CVE-2015-7650 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted CMAP table in a PDF document, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622. | 6.8 |
2015-11-04 | CVE-2015-2902 | HP | Cryptographic Issues vulnerability in HP Arcsight Smartconnectors HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate. | 6.8 |
2015-11-02 | CVE-2015-8040 | Samsung | Improper Input Validation vulnerability in Samsung Smartviewer The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. | 6.8 |
2015-11-02 | CVE-2015-8039 | Samsung | Remote Code Execution vulnerability in Samsung SmartViewer Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference. | 6.8 |
2015-11-02 | CVE-2015-8036 | ARM Polarssl Debian Fedoraproject Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. | 6.8 |
2015-11-02 | CVE-2015-6031 | Miniupnp Project Debian Canonical Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name. | 6.8 |
2015-11-02 | CVE-2015-5534 | Oxwall | Cross-Site Request Forgery (CSRF) vulnerability in Oxwall Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance. | 6.8 |
2015-11-02 | CVE-2015-5291 | ARM Polarssl Debian Fedoraproject Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. | 6.8 |
2015-11-08 | CVE-2015-4966 | IBM | Credentials Management vulnerability in IBM products IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors. | 6.5 |
2015-11-08 | CVE-2015-1989 | IBM | SQL Injection vulnerability in IBM Security Qradar Incident Forensics SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-11-06 | CVE-2015-6316 | Cisco | Credentials Management vulnerability in Cisco Mobility Services Engine The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. | 6.5 |
2015-11-04 | CVE-2015-5673 | Isucon | OS Command Injection vulnerability in Isucon 5 Qualifier Eventapp eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command. | 6.5 |
2015-11-02 | CVE-2015-3270 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Ambari Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | 6.5 |
2015-11-06 | CVE-2015-6546 | F5 | Improper Input Validation vulnerability in F5 products The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic." | 6.1 |
2015-11-03 | CVE-2015-6614 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android 5.0/5.1 Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug 21900139. | 5.8 |
2015-11-02 | CVE-2015-5210 | Apache | Unspecified vulnerability in Apache Ambari Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. | 5.8 |
2015-11-08 | CVE-2015-5019 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Sterling B2B Integrator and Sterling Integrator IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. | 5.5 |
2015-11-04 | CVE-2015-5021 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server 11.3/11.5 IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | 5.5 |
2015-11-02 | CVE-2015-1775 | Apache | Server Side Request Forgery Security Bypass vulnerability in Apache Ambari Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call. | 5.5 |
2015-11-03 | CVE-2015-6613 | Google | Command Injection vulnerability in Google Android Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. | 5.1 |
2015-11-08 | CVE-2015-5015 | IBM | Information Exposure vulnerability in IBM Websphere Commerce Enterprise IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL. | 5.0 |
2015-11-08 | CVE-2015-1999 | IBM | Information Exposure vulnerability in IBM Security Qradar Incident Forensics IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 5.0 |
2015-11-08 | CVE-2015-1994 | IBM | Information Exposure vulnerability in IBM Security Qradar Incident Forensics IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5.0 |
2015-11-08 | CVE-2015-1993 | IBM | Unspecified vulnerability in IBM Security Qradar Incident Forensics IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. | 5.0 |
2015-11-07 | CVE-2015-7254 | Huawei | Path Traversal vulnerability in Huawei Hg532E, Hg532N and Hg532S Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. | 5.0 |
2015-11-06 | CVE-2015-8081 | Field AS Block Project | Information Exposure vulnerability in Field AS Block Project Field AS Block The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block. | 5.0 |
2015-11-06 | CVE-2015-7763 | Openafs | Information Exposure vulnerability in Openafs rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. | 5.0 |
2015-11-06 | CVE-2015-7762 | Openafs Debian | Information Exposure vulnerability in multiple products rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. | 5.0 |
2015-11-06 | CVE-2015-6855 | Qemu Debian Fedoraproject Suse Canonical Arista | Divide By Zero vulnerability in multiple products hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | 5.0 |
2015-11-06 | CVE-2015-7770 | Dell | Improper Input Validation vulnerability in Dell Sonicwall Totalsecure TZ 100 Firmware Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. | 5.0 |
2015-11-05 | CVE-2015-7197 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. | 5.0 |
2015-11-05 | CVE-2015-7195 | Mozilla | Information Exposure vulnerability in Mozilla Firefox The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect. | 5.0 |
2015-11-05 | CVE-2015-7190 | Mozilla | Information Exposure vulnerability in Mozilla Firefox The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. | 5.0 |
2015-11-04 | CVE-2015-6355 | Cisco | Information Exposure vulnerability in Cisco Unified Computing System 2.2(5B)A The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226. | 5.0 |
2015-11-04 | CVE-2015-6029 | HP | 7PK - Security Features vulnerability in HP Arcsight Logger 6.0.0.7307.1 HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. | 5.0 |
2015-11-03 | CVE-2015-8074 | Google | Information Exposure vulnerability in Google Android mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611. | 5.0 |
2015-11-03 | CVE-2015-6611 | Google | Information Exposure vulnerability in Google Android mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074. | 5.0 |
2015-11-08 | CVE-2015-4928 | Apache IBM | Information Exposure vulnerability in Apache Ambari Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields. | 4.3 |
2015-11-08 | CVE-2015-2017 | IBM | HTTP Response Splitting vulnerability in Multiple IBM Products CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 4.3 |
2015-11-08 | CVE-2015-1995 | IBM | Cross-site Scripting vulnerability in IBM Security Qradar Incident Forensics Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-11-06 | CVE-2015-7697 | Canonical Debian Unzip Project | Resource Management Errors vulnerability in multiple products Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. | 4.3 |
2015-11-05 | CVE-2015-7191 | Mozilla | Cross-site Scripting vulnerability in Mozilla Firefox Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." | 4.3 |
2015-11-05 | CVE-2015-7187 | Mozilla | 7PK - Security Features vulnerability in Mozilla Firefox The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. | 4.3 |
2015-11-05 | CVE-2015-7186 | Mozilla | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. | 4.3 |
2015-11-05 | CVE-2015-7185 | Mozilla | 7PK - Security Features vulnerability in Mozilla Firefox Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. | 4.3 |
2015-11-05 | CVE-2015-4518 | Mozilla | Cross-site Scripting vulnerability in Mozilla Firefox The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL. | 4.3 |
2015-11-05 | CVE-2015-4515 | Mozilla | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. | 4.3 |
2015-11-04 | CVE-2015-6356 | Cisco | Cross-site Scripting vulnerability in Cisco Socialminer 10.0(1) Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. | 4.3 |
2015-11-02 | CVE-2015-8038 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortimanager Firmware Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. | 4.3 |
2015-11-02 | CVE-2015-8037 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortimanager Firmware Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory. | 4.3 |
2015-11-08 | CVE-2015-7395 | IBM | Improper Access Control vulnerability in IBM products IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors. | 4.0 |
2015-11-06 | CVE-2014-9749 | Squid Cache Opensuse | Permissions, Privileges, and Access Controls vulnerability in multiple products Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability." | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-11-02 | CVE-2015-3186 | Apache | Cross-site Scripting vulnerability in Apache Ambari Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. | 3.5 |
2015-11-08 | CVE-2015-5044 | IBM | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 Patch 11 IF3 and 7.2.x before 7.2.5 Patch 4 IF3 allows remote attackers to cause a denial of service via unspecified packets. | 3.3 |
2015-11-08 | CVE-2015-7412 | IBM | Information Exposure vulnerability in IBM Datapower Gateway The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack. | 2.6 |
2015-11-08 | CVE-2015-4940 | Apache IBM | Information Exposure vulnerability in Apache Ambari Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. | 2.1 |
2015-11-08 | CVE-2015-1996 | IBM | Information Exposure vulnerability in IBM Security Qradar Incident Forensics IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation. | 2.1 |