Weekly Vulnerabilities Reports > December 14 to 20, 2015
Overview
82 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 81 products from 37 vendors, including Mozilla, Fedoraproject, Opensuse, Cisco, and Redhat. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Numeric Errors".
- 71 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 10 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 69 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 21 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-12-19 | CVE-2015-7755 | Juniper | Improper Authentication vulnerability in Juniper Screenos 6.3.0 Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session. | 10.0 |
2015-12-16 | CVE-2015-7221 | Mozilla Fedoraproject Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. | 10.0 |
2015-12-16 | CVE-2015-7220 | Opensuse Mozilla Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | 10.0 |
2015-12-16 | CVE-2015-7205 | Fedoraproject Mozilla Opensuse | Numeric Errors vulnerability in multiple products Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. | 10.0 |
2015-12-16 | CVE-2015-7203 | Mozilla Fedoraproject Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | 10.0 |
2015-12-16 | CVE-2015-7202 | Mozilla Opensuse Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2015-12-16 | CVE-2015-7201 | Fedoraproject Mozilla Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2015-12-16 | CVE-2015-8358 | Bitrix | Path Traversal vulnerability in Bitrix Mpbuilder 1.0.11 Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. | 9.0 |
20 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-12-17 | CVE-2015-8341 | XEN | Resource Management Errors vulnerability in XEN The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. | 7.8 |
2015-12-17 | CVE-2015-8600 | SAP | Permissions, Privileges, and Access Controls vulnerability in SAP Mobile Platform The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. | 7.5 |
2015-12-17 | CVE-2015-8369 | Cacti | SQL Injection vulnerability in Cacti SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | 7.5 |
2015-12-17 | CVE-2015-8327 | Redhat Linuxfoundation Canonical Debian | Arbitrary Command Execution vulnerability in cups-filters Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | 7.5 |
2015-12-17 | CVE-2015-7527 | Cool Video Gallery Project | Improper Input Validation vulnerability in Cool Video Gallery Project Cool Video Gallery 1.9 lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page. | 7.5 |
2015-12-16 | CVE-2015-8566 | Joomla | Remote Code Execution vulnerability in Joomla Session 1.3.0 The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. | 7.5 |
2015-12-16 | CVE-2015-8565 | Joomla | Improper Input Validation vulnerability in Joomla Joomla! Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | 7.5 |
2015-12-16 | CVE-2015-8564 | Joomla | Improper Input Validation vulnerability in Joomla Joomla! Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | 7.5 |
2015-12-16 | CVE-2015-8562 | Joomla | Improper Input Validation vulnerability in Joomla Joomla! Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | 7.5 |
2015-12-16 | CVE-2015-7212 | Fedoraproject Opensuse Mozilla | Numeric Errors vulnerability in multiple products Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. | 7.5 |
2015-12-16 | CVE-2015-7210 | Mozilla Opensuse Fedoraproject | Use After Free Denial of Service vulnerability in WebRTC Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. | 7.5 |
2015-12-14 | CVE-2015-6401 | Cisco | Improper Authentication vulnerability in Cisco Epc3928 Docsis 3.0 8X4 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.10/5.5.11/5.7.1 Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941. | 7.5 |
2015-12-15 | CVE-2015-8570 | Lepide | Permissions, Privileges, and Access Controls vulnerability in Lepide Active Directory Self Service The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | 7.4 |
2015-12-18 | CVE-2015-6426 | Cisco | Improper Input Validation vulnerability in Cisco Prime Network Services Controller 3.0.0 Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427. | 7.2 |
2015-12-18 | CVE-2015-6424 | Cisco | Credentials Management vulnerability in Cisco Application Policy Infrastructure Controller 1.1(0.920A) The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. | 7.2 |
2015-12-17 | CVE-2015-8338 | XEN | 7PK - Security Features vulnerability in XEN Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. | 7.2 |
2015-12-17 | CVE-2015-4027 | Acunetix | Permissions, Privileges, and Access Controls vulnerability in Acunetix web vulnerability Scanner The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan. | 7.2 |
2015-12-15 | CVE-2015-6403 | Cisco | Improper Input Validation vulnerability in Cisco Spa300 Firmware and Spa500 Firmware The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. | 7.2 |
2015-12-16 | CVE-2015-8461 | ISC | Race Condition vulnerability in ISC Bind Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. | 7.1 |
2015-12-15 | CVE-2015-5312 | Canonical Redhat Apple Xmlsoft HP Debian | Resource Management Errors vulnerability in multiple products The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | 7.1 |
50 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-12-16 | CVE-2015-8580 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader and Phantompdf Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. | 6.8 |
2015-12-16 | CVE-2015-8563 | Joomla | Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla! Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2015-12-16 | CVE-2015-7222 | Mozilla Opensuse Fedoraproject | Numeric Errors vulnerability in multiple products Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. | 6.8 |
2015-12-16 | CVE-2015-7216 | Fedoraproject Mozilla Gnome Opensuse | Improper Input Validation vulnerability in multiple products The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. | 6.8 |
2015-12-16 | CVE-2015-7213 | Opensuse Fedoraproject Mozilla | Numeric Errors vulnerability in multiple products Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. | 6.8 |
2015-12-16 | CVE-2015-7204 | Opensuse Fedoraproject Mozilla | Code vulnerability in multiple products Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | 6.8 |
2015-12-15 | CVE-2015-8572 | Autodesk | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autodesk Design Review 2013 Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. | 6.8 |
2015-12-15 | CVE-2015-8571 | Autodesk | Numeric Errors vulnerability in Autodesk Design Review 2013 Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. | 6.8 |
2015-12-15 | CVE-2015-8561 | Schneider Electric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Proclima 6.0.1/6.1 The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. | 6.8 |
2015-12-15 | CVE-2015-7918 | Schneider Electric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Proclima 6.0.1/6.1 Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. | 6.8 |
2015-12-15 | CVE-2015-6399 | Cisco | Resource Management Errors vulnerability in Cisco Integrated Management Controller Supervisor 1.0.0.0/1.0.0.1 The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. | 6.8 |
2015-12-14 | CVE-2015-6378 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Dpq3925 8X4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.2 Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. | 6.8 |
2015-12-16 | CVE-2015-8357 | Bitrix | Path Traversal vulnerability in Bitrix Xscan 1.0.3 Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. | 6.5 |
2015-12-15 | CVE-2015-8377 | Cacti | SQL Injection vulnerability in Cacti SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | 6.5 |
2015-12-16 | CVE-2015-8579 | Kaspersky | Permissions, Privileges, and Access Controls vulnerability in Kaspersky Total Security 2015 15.0.2.361 Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 6.4 |
2015-12-16 | CVE-2015-8578 | AVG | Permissions, Privileges, and Access Controls vulnerability in AVG Internet Security 2015 AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 6.4 |
2015-12-15 | CVE-2015-8241 | Debian Redhat HP Canonical Xmlsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | 6.4 |
2015-12-15 | CVE-2015-6359 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. | 6.1 |
2015-12-17 | CVE-2015-8368 | Ntop | 7PK - Security Features vulnerability in Ntop Ntopng ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. | 6.0 |
2015-12-15 | CVE-2015-8242 | Xmlsoft HP Apple Canonical Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | 5.8 |
2015-12-19 | CVE-2015-7756 | Juniper | Cryptographic Issues vulnerability in Juniper Screenos The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack. | 5.0 |
2015-12-19 | CVE-2015-6429 | Cisco | Data Processing Errors vulnerability in Cisco IOS and IOS XE The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236. | 5.0 |
2015-12-18 | CVE-2015-6428 | Cisco | Information Exposure vulnerability in Cisco Dpq3925 8X4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter R1Base Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | 5.0 |
2015-12-18 | CVE-2015-6427 | Cisco | 7PK - Security Features vulnerability in Cisco Firesight System Software Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. | 5.0 |
2015-12-17 | CVE-2015-8601 | Chat Room Project | Information Exposure vulnerability in Chat Room Project Chat Room 7.X2.0/7.X2.1 The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. | 5.0 |
2015-12-16 | CVE-2015-8476 | Debian Phpmailer Project | Improper Input Validation vulnerability in multiple products Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796. | 5.0 |
2015-12-16 | CVE-2015-8000 | Oracle ISC | Improper Input Validation vulnerability in multiple products db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. | 5.0 |
2015-12-16 | CVE-2015-6425 | Cisco | Resource Management Errors vulnerability in Cisco Unified Communications Manager 10.5(0.98000.88) The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | 5.0 |
2015-12-16 | CVE-2015-7219 | Opensuse Mozilla Fedoraproject | Numeric Errors vulnerability in multiple products The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. | 5.0 |
2015-12-16 | CVE-2015-7218 | Opensuse Fedoraproject Mozilla | Numeric Errors vulnerability in multiple products The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. | 5.0 |
2015-12-16 | CVE-2015-7215 | Fedoraproject Opensuse Mozilla | Information Exposure vulnerability in multiple products The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. | 5.0 |
2015-12-16 | CVE-2015-7214 | Opensuse Mozilla Fedoraproject | Information Exposure vulnerability in multiple products Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. | 5.0 |
2015-12-16 | CVE-2015-7211 | Mozilla Fedoraproject Opensuse | Improper Input Validation vulnerability in multiple products Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. | 5.0 |
2015-12-16 | CVE-2015-7208 | Mozilla Fedoraproject Opensuse | Information Exposure vulnerability in multiple products Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | 5.0 |
2015-12-16 | CVE-2015-7207 | Mozilla Opensuse Fedoraproject | Information Exposure vulnerability in multiple products Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. | 5.0 |
2015-12-15 | CVE-2015-8317 | Debian Canonical Xmlsoft Redhat HP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | 5.0 |
2015-12-15 | CVE-2015-6411 | Cisco | Information Exposure vulnerability in Cisco Firepower Management Center 5.4.1.3/6.0.0/6.0.1 Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | 5.0 |
2015-12-17 | CVE-2015-8340 | XEN | Code vulnerability in XEN The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. | 4.7 |
2015-12-17 | CVE-2015-8339 | XEN | Data Processing Errors vulnerability in XEN The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. | 4.7 |
2015-12-17 | CVE-2015-5204 | Apache | HTTP Header Injection vulnerability in Apache Cordova File Transfer 1.2.1 CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. | 4.3 |
2015-12-16 | CVE-2015-7217 | Mozilla Gnome Opensuse Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | 4.3 |
2015-12-15 | CVE-2015-8247 | Synnefoims | Cross-site Scripting vulnerability in Synnefoims Internet Management Software 2015 Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter to packagehistory/listusagesdata. | 4.3 |
2015-12-15 | CVE-2015-4206 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | 4.3 |
2015-12-14 | CVE-2015-6416 | Cisco | Cross-site Scripting vulnerability in Cisco Unified web and E-Mail Interaction Manager 11.0(1) Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. | 4.3 |
2015-12-14 | CVE-2015-6402 | Cisco | Cross-site Scripting vulnerability in Cisco Epc3928 Docsis 3.0 8X4 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.10/5.5.11/5.7.1 Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935. | 4.3 |
2015-12-16 | CVE-2015-7223 | Fedoraproject Mozilla Opensuse | Permissions, Privileges, and Access Controls vulnerability in multiple products The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. | 4.0 |
2015-12-15 | CVE-2015-6404 | Cisco | Information Exposure vulnerability in Cisco Hosted Collaboration Solution 10.6(3)Base Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. | 4.0 |
2015-12-15 | CVE-2015-5004 | IBM | Information Exposure vulnerability in IBM Websphere Application Server The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.0 |
2015-12-14 | CVE-2015-6422 | Cisco | Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager 10.6.1 The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. | 4.0 |
2015-12-14 | CVE-2015-6410 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5 The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-12-17 | CVE-2015-8602 | Token Insert Entity Project | Information Exposure vulnerability in Token Insert Entity Project Token Insert Entity 7.X1.0 The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node. | 3.5 |
2015-12-16 | CVE-2015-5304 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | 3.5 |
2015-12-16 | CVE-2015-8577 | Mcafee | Permissions, Privileges, and Access Controls vulnerability in Mcafee Virusscan Enterprise The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 2.6 |
2015-12-18 | CVE-2015-6556 | Symantec | Information Exposure vulnerability in Symantec Endpoint Encryption EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | 2.3 |