Weekly Vulnerabilities Reports > November 30 to December 6, 2015

Overview

67 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary reports vulnerabilities in 46 products from 16 vendors including Google, Pcre, Fedoraproject, Cisco, and Oracle. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Numeric Errors", "Improper Input Validation", and "Resource Management Errors".

  • 64 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 67 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 27 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-06 CVE-2015-8480 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in FFmpeg.

10.0
2015-12-06 CVE-2015-6787 Google Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

10.0
2015-12-06 CVE-2015-6765 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.73

Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs.

10.0
2015-12-02 CVE-2015-8024 Mcafee OS Command Injection vulnerability in Mcafee Enterprise Security Manager

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.

9.3
2015-12-02 CVE-2015-8391 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl Compatible Regular Expression Library 8.36/8.37

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

9.0

40 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-05 CVE-2015-6849 EMC Improper Input Validation vulnerability in EMC Networker

EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.

7.8
2015-12-05 CVE-2015-6391 Cisco Resource Management Errors vulnerability in Cisco Unified SIP Phone 3900 Firmware

Cisco Unified SIP 3905 phones allow remote attackers to cause a denial of service (resource consumption and functionality loss) via a large amount of network traffic, aka Bug ID CSCuh51331.

7.8
2015-12-06 CVE-2015-8479 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device.

7.5
2015-12-06 CVE-2015-8478 Google Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2015-12-06 CVE-2015-6781 Google Numeric Errors vulnerability in Google Chrome

Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT container.

7.5
2015-12-06 CVE-2015-6778 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2 compression.

7.5
2015-12-06 CVE-2015-6777 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.73

Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOMCharacterDataModified events for certain detached-subtree insertions.

7.5
2015-12-06 CVE-2015-6775 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.73

fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') (http://cwe.mitre.org/data/definitions/843.html)

7.5
2015-12-06 CVE-2015-6774 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.73

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that modifies a pointer used for reporting loadTimes data.

7.5
2015-12-06 CVE-2015-6773 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics data.

7.5
2015-12-06 CVE-2015-6772 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.

7.5
2015-12-06 CVE-2015-6771 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.

7.5
2015-12-06 CVE-2015-6770 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.

7.5
2015-12-06 CVE-2015-6769 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing.

7.5
2015-12-06 CVE-2015-6768 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.

7.5
2015-12-06 CVE-2015-6767 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.73

Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer maintenance associated with certain callbacks.

7.5
2015-12-06 CVE-2015-6766 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.73

Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with duplicate cache selection.

7.5
2015-12-06 CVE-2015-6764 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.

7.5
2015-12-03 CVE-2015-8078 Opensuse, Cyrus Numeric Errors vulnerability in multiple products

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable.

7.5
2015-12-03 CVE-2015-8077 Cyrus, Opensuse Numeric Errors vulnerability in multiple products

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable.

7.5
2015-12-03 CVE-2015-8076 Opensuse, Cyrus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

7.5
2015-12-03 CVE-2015-0860 Canonical, Debian Numeric Errors vulnerability in multiple products

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.

7.5
2015-12-03 CVE-2015-0859 Debian Code vulnerability in Debian Linux 7.0/8.0

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.

7.5
2015-12-02 CVE-2015-8395 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl Compatible Regular Expression Library 8.36/8.37

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.

7.5
2015-12-02 CVE-2015-8394 Pcre Numeric Errors vulnerability in Pcre Perl Compatible Regular Expression Library 8.36/8.37

PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-8392 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl Compatible Regular Expression Library 8.36/8.37

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.

7.5
2015-12-02 CVE-2015-8390 Pcre, Fedoraproject Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-8389 Pcre, Fedoraproject Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-8388 Oracle, Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-8387 Pcre, Fedoraproject Numeric Errors vulnerability in multiple products

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-8386 Pcre, Fedoraproject, Oracle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-8385 Oracle, Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-8384 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl Compatible Regular Expression Library 8.36/8.37

PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.

7.5
2015-12-02 CVE-2015-8383 Pcre, Fedoraproject Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-8381 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl Compatible Regular Expression Library 8.36/8.37

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-8380 Pcre, Fedoraproject Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-2328 Oracle, Pcre Data Processing Errors vulnerability in multiple products

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-02 CVE-2015-2327 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl Compatible Regular Expression Library

PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

7.5
2015-12-03 CVE-2015-6383 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE 15.4(3)S

Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.

7.2
2015-12-01 CVE-2015-6385 Cisco Improper Input Validation vulnerability in Cisco IOS 15.5(2)S/15.5(3)S

The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.

7.2

22 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-06 CVE-2015-6780 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.73

Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site, related to browser/ui/views/website_settings/website_settings_popup_view.cc.

6.8
2015-12-06 CVE-2015-6776 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during a discrete wavelet transform.

6.8
2015-12-02 CVE-2015-8382 Pcre Buffer Errors vulnerability in Pcre Perl Compatible Regular Expression Library 8.36

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.

6.4
2015-12-06 CVE-2015-3195 Apple, Oracle, Openssl, Redhat, Canonical, Debian, Opensuse, Suse, Fedoraproject Information Exposure vulnerability in multiple products

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

5.0
2015-12-06 CVE-2015-3194 Openssl, Canonical, Debian Denial of Service vulnerability in OpenSSL

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

5.0
2015-12-06 CVE-2015-3193 Openssl Information Exposure vulnerability in Openssl

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

5.0
2015-12-06 CVE-2015-1794 Openssl Numeric Errors vulnerability in Openssl

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

5.0
2015-12-05 CVE-2015-6388 Cisco Security Bypass vulnerability in Cisco Unified Computing System Central Software 1.3(0.1)

Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.

5.0
2015-12-02 CVE-2015-8393 Pcre, Fedoraproject Information Exposure vulnerability in multiple products

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

5.0
2015-12-01 CVE-2015-6386 Cisco Resource Management Errors vulnerability in Cisco web Security Appliance 8.0.7142/8.5.1021

The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150.

5.0
2015-12-05 CVE-2015-6394 Cisco Resource Management Errors vulnerability in Cisco Nx-Os 5.2(9)N1(1)

The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408.

4.9
2015-12-06 CVE-2015-3196 HP, Openssl, Oracle, Fedoraproject, Redhat, Canonical, Debian Race Condition vulnerability in multiple products

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

4.3
2015-12-06 CVE-2015-6786 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern.

4.3
2015-12-06 CVE-2015-6785 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains.

4.3
2015-12-06 CVE-2015-6784 Google Improper Input Validation vulnerability in Google Chrome

The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring.

4.3
2015-12-06 CVE-2015-6783 Google Improper Input Validation vulnerability in Google Android 5.0/6.0

The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP archive.

4.3
2015-12-06 CVE-2015-6782 Google Improper Input Validation vulnerability in Google Chrome

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site.

4.3
2015-12-06 CVE-2015-6779 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL.

4.3
2015-12-05 CVE-2015-6387 Cisco Cross-Site Scripting vulnerability in Cisco Unified Computing System Central Software 1.3(0.1)

Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.

4.3
2015-12-05 CVE-2015-6384 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings 8.0Base

The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442.

4.3
2015-12-03 CVE-2015-5245 Redhat HTTP Response Splitting vulnerability in RedHat Ceph

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.

4.3
2015-12-03 CVE-2015-6390 Cisco Cross-Site Scripting vulnerability in Cisco Unity Connection 9.1(1.10)

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS