Weekly Vulnerabilities Reports > December 14 to 20, 2015

Overview

95 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary reports vulnerabilities in 87 products from 40 vendors, including Fedoraproject, Opensuse, Mozilla, Cisco, and Redhat. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", "Permissions, Privileges, and Access Controls", and "Numeric Errors".

  • 82 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 82 reported vulnerabilities are exploitable by an anonymous user.
  • Fedoraproject has the most reported vulnerabilities, with 22 reported vulnerabilities.
  • Fedoraproject has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-19 CVE-2015-7755 Juniper Improper Authentication vulnerability in Juniper Screenos 6.3.0

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.

10.0
2015-12-16 CVE-2015-7221 Mozilla
Fedoraproject
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.

10.0
2015-12-16 CVE-2015-7220 Opensuse
Mozilla
Fedoraproject
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.

10.0
2015-12-16 CVE-2015-7205 Fedoraproject
Mozilla
Opensuse
Numeric Errors vulnerability in multiple products

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

10.0
2015-12-16 CVE-2015-7203 Mozilla
Fedoraproject
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name.

10.0
2015-12-16 CVE-2015-7202 Mozilla
Opensuse
Fedoraproject
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2015-12-16 CVE-2015-7201 Fedoraproject
Mozilla
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2015-12-14 CVE-2015-8548 Google Unspecified vulnerability in Google Chrome and V8

Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478.

10.0
2015-12-14 CVE-2015-6791 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.80

Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

10.0
2015-12-14 CVE-2015-6788 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.80

The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') (https://cwe.mitre.org/data/definitions/843.html)

10.0
2015-12-14 CVE-2015-6789 Google Multiple Security vulnerability in Google Chrome Prior to 47.0.2526.80

Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.

9.3
2015-12-16 CVE-2015-8358 Bitrix Path Traversal vulnerability in Bitrix Mpbuilder 1.0.11

Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a ..

9.0

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-17 CVE-2015-8341 XEN Resource Management Errors vulnerability in XEN

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.

7.8
2015-12-17 CVE-2015-8600 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Mobile Platform

The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855.

7.5
2015-12-17 CVE-2015-8369 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.

7.5
2015-12-17 CVE-2015-8327 Redhat
Linuxfoundation
Canonical
Debian
Arbitrary Command Execution vulnerability in cups-filters

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

7.5
2015-12-17 CVE-2015-7527 Cool Video Gallery Project Improper Input Validation vulnerability in Cool Video Gallery Project Cool Video Gallery 1.9

lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.

7.5
2015-12-16 CVE-2015-8566 Joomla Remote Code Execution vulnerability in Joomla Session 1.3.0

The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.

7.5
2015-12-16 CVE-2015-8565 Joomla Improper Input Validation vulnerability in Joomla Joomla!

Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.

7.5
2015-12-16 CVE-2015-8564 Joomla Improper Input Validation vulnerability in Joomla Joomla!

Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.

7.5
2015-12-16 CVE-2015-8562 Joomla Improper Input Validation vulnerability in Joomla Joomla!

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

7.5
2015-12-16 CVE-2015-7212 Fedoraproject
Opensuse
Mozilla
Numeric Errors vulnerability in multiple products

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

7.5
2015-12-16 CVE-2015-7210 Mozilla
Opensuse
Fedoraproject
Use After Free Denial of Service vulnerability in WebRTC

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.

7.5
2015-12-15 CVE-2015-6420 Apache Deserialization of Untrusted Data vulnerability in Apache Commons Collections

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

7.5
2015-12-14 CVE-2015-6401 Cisco Improper Authentication vulnerability in Cisco Epc3928 Docsis 3.0 8X4 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.10/5.5.11/5.7.1

Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.

7.5
2015-12-15 CVE-2015-8570 Lepide Permissions, Privileges, and Access Controls vulnerability in Lepide Active Directory Self Service

The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request.

7.4
2015-12-18 CVE-2015-6426 Cisco Improper Input Validation vulnerability in Cisco Prime Network Services Controller 3.0.0

Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427.

7.2
2015-12-18 CVE-2015-6424 Cisco Credentials Management vulnerability in Cisco Application Policy Infrastructure Controller 1.1(0.920A)

The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.

7.2
2015-12-17 CVE-2015-8338 XEN 7PK - Security Features vulnerability in XEN

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.

7.2
2015-12-17 CVE-2015-5277 Redhat
GNU
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.

7.2
2015-12-17 CVE-2015-4027 Acunetix Permissions, Privileges, and Access Controls vulnerability in Acunetix web vulnerability Scanner

The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.

7.2
2015-12-15 CVE-2015-6403 Cisco Improper Input Validation vulnerability in Cisco Spa300 Firmware and Spa500 Firmware

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

7.2
2015-12-16 CVE-2015-8461 ISC Race Condition vulnerability in ISC Bind

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.

7.1
2015-12-15 CVE-2015-5312 Canonical
Redhat
Apple
Xmlsoft
HP
Debian
Resource Management Errors vulnerability in multiple products

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

7.1

57 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-16 CVE-2015-8370 GNU
Fedoraproject
Permissions, Privileges, and Access Controls vulnerability in multiple products

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

6.9
2015-12-16 CVE-2015-8580 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader and Phantompdf

Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document.

6.8
2015-12-16 CVE-2015-8563 Joomla Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla!

Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2015-12-16 CVE-2015-7222 Mozilla
Opensuse
Fedoraproject
Numeric Errors vulnerability in multiple products

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.

6.8
2015-12-16 CVE-2015-7216 Fedoraproject
Mozilla
Gnome
Opensuse
Improper Input Validation vulnerability in multiple products

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.

6.8
2015-12-16 CVE-2015-7213 Opensuse
Fedoraproject
Mozilla
Numeric Errors vulnerability in multiple products

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

6.8
2015-12-16 CVE-2015-7204 Opensuse
Fedoraproject
Mozilla
Code vulnerability in multiple products

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

6.8
2015-12-15 CVE-2015-8572 Autodesk Buffer Errors vulnerability in Autodesk Design Review 2013

Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.

6.8
2015-12-15 CVE-2015-8571 Autodesk Numeric Errors vulnerability in Autodesk Design Review 2013

Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.

6.8
2015-12-15 CVE-2015-8561 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric Proclima 6.0.1/6.1

The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918.

6.8
2015-12-15 CVE-2015-7918 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric Proclima 6.0.1/6.1

Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.

6.8
2015-12-15 CVE-2015-6399 Cisco Resource Management Errors vulnerability in Cisco Integrated Management Controller Supervisor 1.0.0.0/1.0.0.1

The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.

6.8
2015-12-14 CVE-2015-6378 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Dpq3925 8X4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.2

Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.

6.8
2015-12-16 CVE-2015-8357 Bitrix Path Traversal vulnerability in Bitrix Xscan 1.0.3

Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a ..

6.5
2015-12-15 CVE-2015-8377 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.

6.5
2015-12-16 CVE-2015-8579 Kaspersky Permissions, Privileges, and Access Controls vulnerability in Kaspersky Total Security 2015 15.0.2.361

Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.

6.4
2015-12-16 CVE-2015-8578 AVG Permissions, Privileges, and Access Controls vulnerability in AVG Internet Security 2015

AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.

6.4
2015-12-15 CVE-2015-8241 Debian
Redhat
HP
Canonical
Xmlsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

6.4
2015-12-15 CVE-2015-6359 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217.

6.1
2015-12-17 CVE-2015-8368 Ntop 7PK - Security Features vulnerability in Ntop Ntopng

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

6.0
2015-12-15 CVE-2015-8242 Xmlsoft
HP
Apple
Canonical
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

5.8
2015-12-19 CVE-2015-7756 Juniper Cryptographic Issues vulnerability in Juniper Screenos

The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.

5.0
2015-12-19 CVE-2015-6429 Cisco Data Processing Errors vulnerability in Cisco IOS and IOS XE

The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.

5.0
2015-12-18 CVE-2015-6428 Cisco Information Exposure vulnerability in Cisco Dpq3925 8X4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter R1Base

Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958.

5.0
2015-12-18 CVE-2015-6427 Cisco 7PK - Security Features vulnerability in Cisco Firesight System Software

Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.

5.0
2015-12-17 CVE-2015-8601 Chat Room Project Information Exposure vulnerability in Chat Room Project Chat Room 7.X2.0/7.X2.1

The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.

5.0
2015-12-16 CVE-2015-8476 Debian
Phpmailer Project
Improper Input Validation vulnerability in multiple products

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.

5.0
2015-12-16 CVE-2015-8000 Oracle
ISC
Improper Input Validation vulnerability in multiple products

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

5.0
2015-12-16 CVE-2015-6425 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager 10.5(0.98000.88)

The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.

5.0
2015-12-16 CVE-2015-7219 Opensuse
Mozilla
Fedoraproject
Numeric Errors vulnerability in multiple products

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.

5.0
2015-12-16 CVE-2015-7218 Opensuse
Fedoraproject
Mozilla
Numeric Errors vulnerability in multiple products

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation.

5.0
2015-12-16 CVE-2015-7215 Fedoraproject
Opensuse
Mozilla
Information Exposure vulnerability in multiple products

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.

5.0
2015-12-16 CVE-2015-7214 Opensuse
Mozilla
Fedoraproject
Information Exposure vulnerability in multiple products

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.

5.0
2015-12-16 CVE-2015-7211 Mozilla
Fedoraproject
Opensuse
Improper Input Validation vulnerability in multiple products

Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.

5.0
2015-12-16 CVE-2015-7208 Mozilla
Fedoraproject
Opensuse
Information Exposure vulnerability in multiple products

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.

5.0
2015-12-16 CVE-2015-7207 Mozilla
Opensuse
Fedoraproject
Information Exposure vulnerability in multiple products

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.

5.0
2015-12-15 CVE-2015-8317 Debian
Canonical
Xmlsoft
Redhat
HP
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

5.0
2015-12-15 CVE-2015-7500 HP
Xmlsoft
Debian
Apple
Redhat
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5.0
2015-12-15 CVE-2015-7499 Apple
Canonical
Redhat
HP
Xmlsoft
Debian
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

5.0
2015-12-15 CVE-2015-7498 HP
Canonical
Debian
Redhat
Xmlsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

5.0
2015-12-15 CVE-2015-7497 Debian
Canonical
Xmlsoft
Redhat
HP
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

5.0
2015-12-15 CVE-2015-6411 Cisco Information Exposure vulnerability in Cisco Firepower Management Center 5.4.1.3/6.0.0/6.0.1

Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061.

5.0
2015-12-17 CVE-2015-8340 XEN Code vulnerability in XEN

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.

4.7
2015-12-17 CVE-2015-8339 XEN Data Processing Errors vulnerability in XEN

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.

4.7
2015-12-17 CVE-2015-7518 Theforeman Cross-Site Scripting vulnerability in Theforeman Foreman

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.

4.3
2015-12-17 CVE-2015-5204 Apache HTTP Header Injection vulnerability in Apache Cordova File Transfer 1.2.1

CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.

4.3
2015-12-16 CVE-2015-7217 Mozilla, Gnome, Opensuse, Fedoraproject Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.

4.3
2015-12-15 CVE-2015-8247 Synnefoims Cross-Site Scripting vulnerability in Synnefoims Internet Management Software 2015

Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter to packagehistory/listusagesdata.

4.3
2015-12-15 CVE-2015-4206 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.

4.3
2015-12-14 CVE-2015-6790 Google Improper Input Validation vulnerability in Google Chrome

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.

4.3
2015-12-14 CVE-2015-6416 Cisco Cross-Site Scripting vulnerability in Cisco Unified Web and E-Mail Interaction Manager 11.0(1)

Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479.

4.3
2015-12-14 CVE-2015-6402 Cisco Cross-Site Scripting vulnerability in Cisco Epc3928 Docsis 3.0 8X4 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.10/5.5.11/5.7.1

Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.

4.3
2015-12-16 CVE-2015-7223 Fedoraproject, Mozilla, Opensuse Permissions, Privileges, and Access Controls vulnerability in multiple products

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.

4.0
2015-12-15 CVE-2015-6404 Cisco Information Exposure vulnerability in Cisco Hosted Collaboration Solution 10.6(3)Base

Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.

4.0
2015-12-15 CVE-2015-5004 IBM Information Exposure vulnerability in IBM Websphere Application Server

The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2015-12-14 CVE-2015-6422 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager 10.6.1

The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.

4.0
2015-12-14 CVE-2015-6410 Cisco Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5

The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-12-17 CVE-2015-8602 Token Insert Entity Project Information Exposure vulnerability in Token Insert Entity Project Token Insert Entity 7.X1.0

The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node.

3.5
2015-12-16 CVE-2015-5304 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform

Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.

3.5
2015-12-16 CVE-2015-8577 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Virusscan Enterprise

The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.

2.6
2015-12-18 CVE-2015-6556 Symantec Information Exposure vulnerability in Symantec Endpoint Encryption

EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.

2.3