Weekly Vulnerabilities Reports > November 16 to 22, 2015

Overview

81 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 81 products from 45 vendors, including Cisco, Canonical, Linux, Debian, and Apple. Notable vulnerability categories include "Improper Input Validation", "Information Exposure", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 65 reported vulnerabilities are remotely exploitable.
  • 7 reported vulnerabilities have a public exploit available.
  • 14 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 73 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-11-21 CVE-2015-7912 Tibbo Unspecified vulnerability in Tibbo Aggregate 5.21.02

The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document.

10.0
2015-11-19 CVE-2015-8236 Arista Permissions, Privileges, and Access Controls vulnerability in Arista EOS

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

10.0
2015-11-18 CVE-2015-8051 Adobe Security vulnerability in Adobe Premiere Clip

The Adobe Premiere Clip app before 1.2.1 for iOS mishandles unspecified input, which has unknown impact and attack vectors.

10.0
2015-11-17 CVE-2015-8221 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Picasa

Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow.

10.0
2015-11-21 CVE-2015-7289 Arris Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP.

9.3
2015-11-17 CVE-2015-7805 Opensuse, Mega Nerd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.

9.3

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-11-19 CVE-2015-8083 Huawei Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Huawei Espace Firmware

An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows remote attackers to cause a denial of service (out-of-bounds memory access and device restart) via unknown vectors.

7.8
2015-11-19 CVE-2015-7910 Exemys Improper Access Control vulnerability in Exemys Telemetry web Server

Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body.

7.8
2015-11-22 CVE-2015-7036 Apple Improper Input Validation vulnerability in Apple Iphone OS and mac OS X

The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.

7.5
2015-11-18 CVE-2015-4852 Oracle Command Injection vulnerability in Oracle Virtual Desktop Infrastructure and Weblogic Server

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar.

7.5
2015-11-17 CVE-2015-8220 Solarwinds Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Dameware Mini Remote Control

Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link.

7.5
2015-11-17 CVE-2015-8219 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

7.5
2015-11-17 CVE-2015-8217 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.

7.5
2015-11-17 CVE-2015-8216 Ffmpeg Code vulnerability in Ffmpeg

The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

7.5
2015-11-16 CVE-2015-7897 Samsung Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samsung Galaxy S6

The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.

7.5
2015-11-16 CVE-2015-7816 Matomo Unspecified vulnerability in Matomo

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.

7.5
2015-11-16 CVE-2015-7815 Matomo Path Traversal vulnerability in Matomo

Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.

7.5
2015-11-21 CVE-2015-7913 Tibbo Unspecified vulnerability in Tibbo Aggregate 5.21.02

ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class.

7.2
2015-11-19 CVE-2015-0794 Opensuse, Dracut Project Link Following vulnerability in multiple products

modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.

7.2
2015-11-19 CVE-2015-6370 Cisco OS Command Injection vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)

The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.

7.2
2015-11-17 CVE-2015-5602 Sudo Project Permissions, Privileges, and Access Controls vulnerability in Sudo Project Sudo

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

7.2

54 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-11-16 CVE-2015-2925 Linux 7PK - Security Features vulnerability in Linux Kernel

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."

6.9
2015-11-21 CVE-2015-7291 Arris Cross-Site Request Forgery (CSRF) vulnerability in Arris NA Model 862 GW Mono Firmware

Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2015-11-21 CVE-2015-6376 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.

6.8
2015-11-19 CVE-2015-7984 Horde, Debian Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.

6.8
2015-11-18 CVE-2015-7942 HP, Debian, Apple, Canonical, Xmlsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

6.8
2015-11-18 CVE-2015-5999 D Link Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dir-816L Firmware 2.05.B02

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.

6.8
2015-11-18 CVE-2015-6373 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)

Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.

6.8
2015-11-18 CVE-2015-6357 Cisco Improper Input Validation vulnerability in Cisco Firesight System Software

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.

6.8
2015-11-18 CVE-2015-6330 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712.

6.8
2015-11-17 CVE-2015-8218 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.

6.8
2015-11-20 CVE-2015-7773 Bastian Allgeier Arbitrary File Creation vulnerability in Kirby

Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension.

6.5
2015-11-16 CVE-2015-7712 Atutor Unspecified vulnerability in Atutor

Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.

6.5
2015-11-16 CVE-2014-9752 Atutor Unspecified vulnerability in Atutor

Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/.

6.5
2015-11-17 CVE-2015-5301 Ipsilon Project Permissions, Privileges, and Access Controls vulnerability in Ipsilon Project Ipsilon

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).

5.5
2015-11-19 CVE-2015-8087 Huawei Resource Management Errors vulnerability in Huawei NE Router Software

Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allow remote attackers to send packets to other VPNs and conduct flooding attacks via a crafted MPLS forwarding packet, aka a "VPN routing and forwarding (VRF) hopping vulnerability."

5.0
2015-11-19 CVE-2015-7845 Huawei Improper Input Validation vulnerability in Huawei Espace Firmware

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets.

5.0
2015-11-19 CVE-2014-9756 Libsndfile Project, Canonical, Opensuse Divide BY Zero vulnerability in multiple products

The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

5.0
2015-11-19 CVE-2015-6368 Cisco Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608.

5.0
2015-11-18 CVE-2015-8023 Canonical, Strongswan Improper Input Validation vulnerability in multiple products

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

5.0
2015-11-17 CVE-2015-7998 Citrix Information Exposure vulnerability in Citrix products

The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.

5.0
2015-11-17 CVE-2015-7996 Citrix Information Exposure vulnerability in Citrix products

The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain credentials via the browser cache.

5.0
2015-11-17 CVE-2015-7995 Apple, Xmlsoft Remote Denial of Service vulnerability in libxslt 'libxslt/preproc.c' Type Confusion

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

5.0
2015-11-17 CVE-2015-5311 Powerdns Improper Input Validation vulnerability in Powerdns Authoritative 3.4.4/3.4.5/3.4.6

PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.

5.0
2015-11-17 CVE-2015-5276 GNU Information Exposure vulnerability in GNU GCC

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

5.0
2015-11-17 CVE-2015-0272 Gnome Improper Input Validation vulnerability in Gnome Networkmanager

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

5.0
2015-11-16 CVE-2015-8215 Linux Improper Input Validation vulnerability in Linux Kernel

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272.

5.0
2015-11-19 CVE-2015-6369 Cisco Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)

The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531.

4.9
2015-11-17 CVE-2015-7812 XEN 7PK - Security Features vulnerability in XEN

The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface.

4.9
2015-11-16 CVE-2015-5307 Linux, XEN, Oracle, Debian, Canonical Resource Management Errors vulnerability in Linux Kernel

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.

4.9
2015-11-16 CVE-2015-5257 Linux Local Denial of Service vulnerability in Linux Kernel 'drivers/usb/serial/whiteheat.c'

drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device.

4.9
2015-11-16 CVE-2015-8104 XEN, Oracle, Linux, Debian, Canonical Resource Management Errors vulnerability in multiple products

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

4.7
2015-11-17 CVE-2015-8222 Canonical Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 15.10

The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors.

4.6
2015-11-16 CVE-2015-7312 Linux, Canonical, Debian USE After Free vulnerability in multiple products

Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.

4.4
2015-11-22 CVE-2015-5859 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

4.3
2015-11-22 CVE-2015-5787 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.

4.3
2015-11-21 CVE-2015-7777 Void Project Cross-Site Scripting vulnerability in Void Project Void

Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

4.3
2015-11-21 CVE-2015-7290 Arris Cross-Site Scripting vulnerability in Arris NA Model 862 GW Mono Firmware

Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter.

4.3
2015-11-21 CVE-2009-5149 Arris Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.

4.3
2015-11-20 CVE-2015-7772 Newphoria Corporation Cross-Site Scripting vulnerability in Newphoria Corporation Applican

Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers WebView anchor attachment in an applican application, a different vulnerability than CVE-2015-7771.

4.3
2015-11-20 CVE-2015-7771 Newphoria Corporation Cross-Site Scripting vulnerability in Newphoria Corporation Applican

Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID that is encountered by an applican application, a different vulnerability than CVE-2015-7772.

4.3
2015-11-19 CVE-2015-7385 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange OX Guard 2.0.0

Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not properly handled in "Guard PGP Settings."

4.3
2015-11-19 CVE-2015-4112 Blackberry 7PK - Security Features vulnerability in Blackberry Enterprise Server 12.0/12.1

The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.

4.3
2015-11-19 CVE-2015-6374 Cisco Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)

The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604.

4.3
2015-11-18 CVE-2015-8053 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion 10.0/11.0

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052.

4.3
2015-11-18 CVE-2015-8052 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion 10.0/11.0

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.

4.3
2015-11-18 CVE-2015-5255 HP, Adobe Improper Input Validation vulnerability in multiple products

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

4.3
2015-11-18 CVE-2015-7941 Canonical, Xmlsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.

4.3
2015-11-18 CVE-2015-6372 Cisco Cross-Site Scripting vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614.

4.3
2015-11-17 CVE-2015-8232 UC Profile Project Information Exposure vulnerability in UC Profile Project UC Profile 6.X1.1/6.X1.2

The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors.

4.3
2015-11-17 CVE-2015-7997 Citrix Cross-Site Scripting vulnerability in Citrix products

Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-11-19 CVE-2015-6371 Cisco Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621.

4.0
2015-11-18 CVE-2015-8090 Tibco Information Exposure vulnerability in Tibco Loglogic Unity

The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request.

4.0
2015-11-18 CVE-2015-5253 Apache Permissions, Privileges, and Access Controls vulnerability in Apache CXF

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

4.0
2015-11-17 CVE-2015-5217 Ipsilon Project Permissions, Privileges, and Access Controls vulnerability in Ipsilon Project Ipsilon

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-11-16 CVE-2015-2924 Networkmanager Project Improper Input Validation vulnerability in Networkmanager Project Networkmanager

The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.

3.3
2015-11-18 CVE-2015-8035 Debian, Xmlsoft, Apple, Canonical Resource Management Errors vulnerability in multiple products

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

2.6
2015-11-17 CVE-2015-8233 Mayo Project Cross-Site Scripting vulnerability in Mayo Project Mayo

Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings.

2.6
2015-11-21 CVE-2015-6375 Cisco Information Exposure vulnerability in Cisco IOS 15.2(2)E3

The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010.

2.1
2015-11-18 CVE-2015-6847 EMC Information Exposure vulnerability in EMC Vplex Geosynchrony 5.4

The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file.

2.1
2015-11-16 CVE-2015-7872 Linux Improper Input Validation vulnerability in Linux Kernel

The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

2.1