Weekly Vulnerabilities Reports > December 7 to 13, 2015
Overview
3 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 14 products from 5 vendors including Apple, Oracle, Microsoft, Redhat, and Openldap. Vulnerabilities are notably categorized as and "NULL Pointer Dereference".
- 1 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
3 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2015-12-11 | CVE-2015-7068 | Apple | NULL Pointer Dereference vulnerability in Apple products IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. | 7.8 |
| 2015-12-09 | CVE-2015-6175 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 1507 The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability." | 7.8 |
| 2015-12-07 | CVE-2015-3276 | Openldap Oracle Redhat | The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. | 7.5 |
0 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|