Vulnerability Summary for the Week of December 14, 2015
Please Note:
• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. You can therefore search the status of that vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.
High Severity Vulnerabilities
The Primary Vendor --- Product | Description | Date Published | CVSS Score | The CVE Identity
acunetix -- web_vulnerability_scanner
The AcuWVSSchedulerv10 service in Acunetix
Web Vulnerability Scanner (WVS) before 10 build
20151125 allows local users to gain privileges via
a command parameter in the reporttemplate
property in a params JSON object to
api/addScan.
2015-12-17 7.2 CVE-2015-4027 EXPLOIT-DB CONFIRM MISC
apache -- commons_collections
Serialized-object interfaces in certain Cisco
Collaboration and Social Media; Endpoint Clients
and Client Software; Network Application,
Service, and Acceleration; Network and Content
Security Devices; Network Management and
Provisioning; Routing and Switching - Enterprise
and Service Provider; Unified Computing; Voice
and Unified Communications Devices; Video,
Streaming, TelePresence, and Transcoding
Devices; Wireless; and Cisco Hosted Services
products allow remote attackers to execute
arbitrary commands via a crafted serialized Java
object, related to the Apache Commons
Collections (ACC) library.
2015-12-15 7.5 CVE-2015-6420 CISCO
apache -- tomee
The EjbObjectInputStream class in Apache
TomEE allows remote attackers to execute
arbitrary commands via a serialized Java stream.
2015-12-16 7.5 CVE-2015-8581 MISC BID
bitrix -- mpbuilder
Directory traversal vulnerability in the
bitrix.mpbuilder module before 1.0.12 for Bitrix
allows remote administrators to include and
execute arbitrary local files via a .. (dot dot) in
the element name of the "work" array parameter
to admin/bitrix.mpbuilder_step2.php.
2015-12-16 9.0 CVE-2015-8358 MISC CONFIRM BUGTRAQ MISC
cacti -- cacti
SQL injection vulnerability in
include/top_graph_header.php in Cacti 0.8.8f
and earlier allows remote attackers to execute
arbitrary SQL commands via the rra_id
parameter in a properties action to graph.php.
2015-12-17 7.5 CVE-2015-8369 FULLDISC MISC
cisco -- prime_collaboration_assurance
Cisco Prime Collaboration Assurance before 11.0
has a hardcoded cmuser account, which allows
remote attackers to obtain access by
establishing an SSH session and leveraging
knowledge of this account's password, aka Bug
ID CSCus62707.
2015-12-12 9.0 CVE-2015-6389 CISCO
cisco -- epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11,
and 5.7.1 allow remote attackers to bypass an
intended authentication requirement and
execute unspecified administrative functions via
a crafted HTTP request, aka Bug ID CSCux24941.
2015-12-13 7.5 CVE-2015-6401 CISCO
cisco -- spa300_firmware
The TFTP implementation on Cisco Small
Business SPA30x, SPA50x, SPA51x phones 7.5.7
improperly validates firmware-image file
integrity, which allows local users to load a
Trojan horse image by leveraging shell access,
aka Bug ID CSCut67400.
2015-12-15 7.2 CVE-2015-6403 CISCO
cisco -- unified_computing_system
Cisco Unified Computing System (UCS) 2.2(3f)A
on Fabric Interconnect 6200 devices allows
remote attackers to cause a denial of service
(CPU consumption or device outage) via a SYN
flood on the SSH port during the booting
process, aka Bug ID CSCuu81757.
2015-12-12 7.1 CVE-2015-6415 CISCO
cisco -- application_policy_infrastructure_controller
The boot manager in Cisco Application Policy
Infrastructure Controller (APIC) 1.1(0.920a)
allows local users to bypass intended access
restrictions and obtain single-user-mode root
access via unspecified vectors, aka Bug ID
CSCuu83985.
2015-12-18 7.2 CVE-2015-6424 CISCO
cisco -- prime_network_services_controller
Cisco Prime Network Services Controller 3.0
allows local users to bypass intended access
restrictions and execute arbitrary commands via
additional parameters to an unspecified
command, aka Bug ID CSCus99427.
2015-12-18 7.2 CVE-2015-6426 CISCO
cool_video_gallery_project -- cool_video_gallery
lib/core.php in the Cool Video Gallery plugin 1.9
for WordPress allows remote attackers to
execute arbitrary code via shell metacharacters
in the "Width of preview image" and possibly
other input fields in the "Video Gallery Settings"
page.
2015-12-17 7.5 CVE-2015-7527 MISC MISC MISC BUGTRAQ MLIST MISC
gnu -- glibc
The get_contents function in nss_files/files-XXX.c
in the Name Service Switch (NSS) in GNU C
Library (aka glibc or libc6) before 2.20 might
allow local users to cause a denial of service
(heap corruption) or gain privileges via a long
line in the NSS files database.
2015-12-17 7.2 CVE-2015-5277 MLIST CONFIRM CONFIRM SECTRACK REDHAT
google -- chrome
The ObjectBackedNativeHandler class in
extensions/renderer/object_backed_native_handler.cc
in the extensions subsystem in Google
Chrome before 47.0.2526.80 improperly
implements handler functions, which allows
remote attackers to cause a denial of service or
possibly have unspecified other impact via
vectors that leverage "type confusion."
2015-12-14 10.0 CVE-2015-6788 CONFIRM CONFIRM CONFIRM
google -- chrome
Race condition in the MutationObserver
implementation in Blink, as used in Google
Chrome before 47.0.2526.80, allows remote
attackers to cause a denial of service (use-after-free)
or possibly have unspecified other impact
by leveraging unanticipated object deletion.
2015-12-14 9.3 CVE-2015-6789 CONFIRM CONFIRM CONFIRM
google -- chrome
Multiple unspecified vulnerabilities in Google
Chrome before 47.0.2526.80 allow attackers to
cause a denial of service or possibly have other
impact via unknown vectors.
2015-12-14 10.0 CVE-2015-6791 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
google -- chrome
Multiple unspecified vulnerabilities in Google V8
before 4.7.80.23, as used in Google Chrome
before 47.0.2526.80, allow attackers to cause a
denial of service or possibly have other impact
via unknown vectors, a different issue than
CVE-2015-8478.
2015-12-14 10.0 CVE-2015-8548 CONFIRM
isc -- bind
Race condition in resolver.c in named in ISC BIND
9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2
allows remote attackers to cause a denial of
service (INSIST assertion failure and daemon
exit) via unspecified vectors.
2015-12-16 7.1 CVE-2015-8461 CONFIRM
joomla -- joomla!
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow
remote attackers to conduct PHP object injection
attacks and execute arbitrary PHP code via the
HTTP User-Agent header, as exploited in the wild
in December 2015.
2015-12-16 7.5 CVE-2015-8562 CONFIRM MISC BID
joomla -- joomla!
Directory traversal vulnerability in Joomla! 3.4.x
before 3.4.6 allows remote attackers to have
unspecified impact via directory traversal
sequences in the XML install file in an extension
package archive.
2015-12-16 7.5 CVE-2015-8564 CONFIRM
joomla -- joomla!
Directory traversal vulnerability in Joomla! 3.2.0
through 3.3.x and 3.4.x before 3.4.6 allows
remote attackers to have unspecified impact via
unknown vectors.
2015-12-16 7.5 CVE-2015-8565 CONFIRM
joomla -- session
The Session package 1.x before 1.3.1 for Joomla!
Framework allows remote attackers to execute
arbitrary code via unspecified session values.
2015-12-16 7.5 CVE-2015-8566 CONFIRM BID
lepide -- active_directory_self_service
The password reset functionality in Lepide
Active Directory Self Service allows remote
authenticated users to change arbitrary domain
user passwords via a crafted request.
2015-12-15 7.4 CVE-2015-8570 MISC
linuxfoundation -- cups-filters
Incomplete blacklist vulnerability in util.c in
foomatic-rip in cups-filters 1.0.42 before 1.2.0
and in foomatic-filters in Foomatic 4.0.x allows
remote attackers to execute arbitrary commands
via ` (backtick) characters in a print job.
2015-12-17 7.5 CVE-2015-8327 MLIST MLIST CONFIRM UBUNTU UBUNTU DEBIAN CONFIRM CONFIRM
mozilla -- firefox
Multiple unspecified vulnerabilities in the
browser engine in Mozilla Firefox before 43.0
and Firefox ESR 38.x before 38.5 allow remote
attackers to cause a denial of service (memory
corruption and application crash) or possibly
execute arbitrary code via unknown vectors.
2015-12-16 10.0 CVE-2015-7201 CONFIRM CONFIRM CONFIRM CONFIRM
mozilla -- firefox
Multiple unspecified vulnerabilities in the
browser engine in Mozilla Firefox before 43.0
allow remote attackers to cause a denial of
service (memory corruption and application
crash) or possibly execute arbitrary code via
unknown vectors.
2015-12-16 10.0 CVE-2015-7202 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
mozilla -- firefox
Buffer overflow in the
DirectWriteFontInfo::LoadFontFamilyData
function in gfx/thebes/gfxDWriteFontList.cpp in
Mozilla Firefox before 43.0 might allow remote
attackers to cause a denial of service or possibly
have unspecified other impact via a crafted
font-family name.
2015-12-16 10.0 CVE-2015-7203 CONFIRM CONFIRM CONFIRM
mozilla -- firefox
Integer underflow in the
RTPReceiverVideo::ParseRtpPacket function in
Mozilla Firefox before 43.0 and Firefox ESR 38.x
before 38.5 might allow remote attackers to
obtain sensitive information, cause a denial of
service, or possibly have unspecified other
impact by triggering a crafted WebRTC RTP
packet.
2015-12-16 10.0 CVE-2015-7205 CONFIRM CONFIRM
mozilla -- firefox
Use-after-free vulnerability in Mozilla Firefox
before 43.0 and Firefox ESR 38.x before 38.5
allows remote attackers to execute arbitrary
code by triggering attempted use of a data
channel that has been closed by a WebRTC
function.
2015-12-16 7.5 CVE-2015-7210 CONFIRM CONFIRM
mozilla -- firefox
Integer overflow in the
mozilla::layers::BufferTextureClient::AllocateForSurface
function in Mozilla Firefox before 43.0 and
Firefox ESR 38.x before 38.5 allows remote
attackers to execute arbitrary code by triggering
a graphics operation that requires a large texture
allocation.
2015-12-16 7.5 CVE-2015-7212 CONFIRM CONFIRM
mozilla -- firefox
Buffer overflow in the XDRBuffer::grow function
in js/src/vm/Xdr.cpp in Mozilla Firefox before
43.0 might allow remote attackers to cause a
denial of service or possibly have unspecified
other impact via crafted JavaScript code.
2015-12-16 10.0 CVE-2015-7220 CONFIRM CONFIRM CONFIRM
mozilla -- firefox
Buffer overflow in the nsDeque::GrowCapacity
function in xpcom/glue/nsDeque.cpp in Mozilla
Firefox before 43.0 might allow remote attackers
to cause a denial of service or possibly have
unspecified other impact by triggering a deque
size change.
2015-12-16 10.0 CVE-2015-7221 CONFIRM CONFIRM CONFIRM
sap -- mobile_platform
The SysAdminWebTool servlets in SAP Mobile
Platform allow remote attackers to bypass
authentication and obtain sensitive information,
gain privileges, or have unspecified other impact
via unknown vectors, aka SAP Security Note
2227855.
2015-12-17 7.5 CVE-2015-8600 MISC MISC
xen -- xen
Xen 4.6.x and earlier does not properly enforce
limits on page order inputs for the (1)
XENMEM_increase_reservation, (2)
XENMEM_populate_physmap, (3)
XENMEM_exchange, and possibly other
HYPERVISOR_memory_op suboperations, which
allows ARM guest OS administrators to cause a
denial of service (CPU consumption, guest
reboot, or watchdog timeout and host reboot)
and possibly have unspecified other impact via
unknown vectors.
2015-12-17 7.2 CVE-2015-8338 CONFIRM
xen -- xen
The libxl toolstack library in Xen 4.1.x through
4.6.x does not properly release mappings of files
used as kernels and initial ramdisks when
managing multiple domains in the same
process, which allows attackers to cause a denial
of service (memory and disk consumption) by
starting domains.
2015-12-17 7.8 CVE-2015-8341 CONFIRM
xmlsoft -- libxml2
The xmlStringLenDecodeEntities function in
parser.c in libxml2 before 2.9.3 does not properly
prevent entity expansion, which allows context-
dependent attackers to cause a denial of service
(CPU consumption) via crafted XML data, a
different vulnerability than CVE-2014-3660.
2015-12-15 7.1 CVE-2015-5312 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT
Medium Severity Vulnerabilities
The Primary Vendor --- Product | Description | Date Published | CVSS Score | The CVE Identity
apache -- cordova_file_transfer
CRLF injection vulnerability in the Apache Cordova
File Transfer Plugin (cordova-plugin-file-transfer)
for Android before 1.3.0 allows remote attackers to
inject arbitrary headers via CRLF sequences in the
filename of an uploaded file.
2015-12-17 4.3 CVE-2015-5204 CONFIRM BID
autodesk -- design_review
Integer overflow in Autodesk Design Review (ADR)
before 2013 Hotfix 2 allows remote attackers to
execute arbitrary code via a crafted biClrUsed value
in a BMP file, which triggers a buffer overflow.
2015-12-15 6.8 CVE-2015-8571 CONFIRM MISC
autodesk -- design_review
Multiple buffer overflows in Autodesk Design
Review (ADR) before 2013 Hotfix 2 allow remote
attackers to execute arbitrary code via crafted RLE
data in a (1) BMP or (2) FLI file, (3) encoded scan
lines in a PCX file, or (4) DataSubBlock or (5)
GlobalColorTable in a GIF file.
2015-12-15 6.8 CVE-2015-8572 CONFIRM MISC MISC MISC MISC MISC
avg -- internet_security
AVG Internet Security 2015 allocates memory with
Read, Write, Execute (RWX) permissions at
predictable addresses when protecting user-mode
processes, which allows attackers to bypass the DEP
and ASLR protection mechanisms via unspecified
vectors.
2015-12-16 6.4 CVE-2015-8578 MISC MISC MISC
bitrix -- xscan
Directory traversal vulnerability in the bitrix.xscan
module before 1.0.4 for Bitrix allows remote
authenticated users to rename arbitrary files, and
consequently obtain sensitive information or cause
a denial of service, via a .. (dot dot) in the file
parameter to admin/bitrix.xscan_worker.php.
2015-12-16 6.5 CVE-2015-8357 MISC CONFIRM BUGTRAQ MISC
cacti -- cacti
SQL injection vulnerability in the
host_new_graphs_save function in
graphs_new.php in Cacti 0.8.8f and earlier allows
remote authenticated users to execute arbitrary
SQL commands via crafted serialized data in the
selected_graphs_array parameter in a save action.
2015-12-15 6.5 CVE-2015-8377 FULLDISC
chat_room_project -- chat_room
The Chat Room module 7.x-2.x before 7.x-2.2 for
Drupal does not properly check permissions when
setting up a websocket for chat messages, which
allows remote attackers to bypass intended access
restrictions and read messages from arbitrary Chat
Rooms via unspecified vectors.
2015-12-17 5.0 CVE-2015-8601 MISC CONFIRM
cisco -- unified_communications_manager
Cisco Unified Communications Manager (UCM) 8.0
through 8.6 allows remote attackers to bypass an
XSS protection mechanism via a crafted parameter,
aka Bug ID CSCuu15266.
2015-12-15 4.3 CVE-2015-4206 CISCO
cisco -- ios
The Neighbor Discovery (ND) protocol
implementation in the IPv6 stack in Cisco IOS
15.3(3)S0.1 on ASR devices mishandles internal
tables, which allows remote attackers to cause a
denial of service (memory consumption or device
crash) via a flood of crafted ND messages, aka Bug
ID CSCup28217.
2015-12-15 6.1 CVE-2015-6359 CISCO
cisco -- dpc3939_wireless_residential_voice_gateway_firmware
The administrative web interface on Cisco DPC3939
(XB3) devices with firmware 121109aCMCST allows
remote authenticated users to execute arbitrary
commands via unspecified fields, aka Bug ID
CSCuw86170.
2015-12-12 6.5 CVE-2015-6361 CISCO
cisco -- dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter
Cross-site request forgery (CSRF) vulnerability on
Cisco DPQ3925 devices with EDVA 5.5.2 allows
remote attackers to hijack the authentication of
arbitrary users, aka Bug ID CSCuv05943.
2015-12-13 6.8 CVE-2015-6378 CISCO
cisco -- prime_service_catalog
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and
11.0 does not properly restrict access to web pages,
which allows remote attackers to modify the
configuration via a direct request, aka Bug ID
CSCuw48188.
2015-12-12 6.5 CVE-2015-6395 CISCO
cisco -- integrated_management_controller_supervisor
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco
Integrated Management Controller (IMC) before
2.0(9) allows remote authenticated users to cause a
denial of service (IP interface outage) via crafted
parameters in an HTTP request, aka Bug ID
CSCuv38286.
2015-12-15 6.8 CVE-2015-6399 CISCO
cisco -- emergency_responder
Multiple cross-site scripting (XSS) vulnerabilities in
Cisco Emergency Responder 10.5(1a) allow remote
attackers to inject arbitrary web script or HTML via
unspecified fields, aka Bug ID CSCuv25547.
2015-12-12 4.3 CVE-2015-6400 CISCO
cisco -- epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter
Cross-site scripting (XSS) vulnerability in the
management interface on Cisco EPC3928 devices
with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote
attackers to inject arbitrary web script or HTML via
an unspecified value, aka Bug ID CSCux24935.
2015-12-13 4.3 CVE-2015-6402 CISCO
cisco -- hosted_collaboration_solution
Cisco Hosted Collaboration Mediation Fulfillment
10.6(3) does not use RBAC, which allows remote
authenticated users to obtain sensitive credential
information by leveraging admin access and
making SOAP API requests, aka Bug ID
CSCuw84374.
2015-12-15 4.0 CVE-2015-6404 CISCO
cisco -- emergency_responder
Cross-site request forgery (CSRF) vulnerability in
Cisco Emergency Responder 10.5(1) and 10.5(1a)
allows remote attackers to hijack the authentication
of arbitrary users, aka Bug ID CSCuv26501.
2015-12-12 6.8 CVE-2015-6405 CISCO
cisco -- emergency_responder
Directory traversal vulnerability in the Tools menu
in Cisco Emergency Responder 10.5(1.10000.5)
allows remote authenticated users to write to
arbitrary files via a crafted filename, aka Bug ID
CSCuv21781.
2015-12-12 4.0 CVE-2015-6406 CISCO
cisco -- emergency_responder
Cisco Emergency Responder 10.5(3.10000.9) allows
remote attackers to upload files to arbitrary
locations via a crafted parameter, aka Bug ID
CSCuv25501.
2015-12-12 4.0 CVE-2015-6407 CISCO
cisco -- unity_connection
Cross-site request forgery (CSRF) vulnerability in
Cisco Unity Connection 11.5(0.98) allows remote
attackers to hijack the authentication of arbitrary
users, aka Bug ID CSCux24578.
2015-12-12 6.8 CVE-2015-6408 CISCO
cisco -- telepresence_video_communication_server_software
The Mobile and Remote Access (MRA) services
implementation in Cisco Unified Communications
Manager mishandles edge-device identity
validation, which allows remote attackers to bypass
intended call-reception and call-setup restrictions
by spoofing a user, aka Bug ID CSCuu97283.
2015-12-13 4.0 CVE-2015-6410 CISCO
cisco -- firepower_management_center
Cisco FirePOWER Management Center 5.4.1.3, 6.0.0,
and 6.0.1 provides verbose responses to requests
for help files, which allows remote attackers to
obtain potentially sensitive version information by
reading an unspecified field, aka Bug ID
CSCux37061.
2015-12-15 5.0 CVE-2015-6411 CISCO
cisco -- telepresence_video_communication_server_software
Cisco TelePresence Video Communication Server
(VCS) Expressway X8.6 allows remote authenticated
users to bypass intended read-only restrictions and
upload Tandberg Linux Package (TLP) files by
visiting an administrative page, aka Bug ID
CSCuw55651.
2015-12-12 4.0 CVE-2015-6413 CISCO
cisco -- unified_web_and_e-mail_interaction_manager
Cross-site scripting (XSS) vulnerability in Cisco
Unified Email Interaction Manager and Unified Web
Interaction Manager 11.0(1) allows remote
attackers to inject arbitrary web script or HTML via a
crafted URL, aka Bug ID CSCuw24479.
2015-12-13 4.3 CVE-2015-6416 CISCO
cisco -- videoscape_distribution_suite_service_manager
Cisco Videoscape Distribution Suite Service
Manager (VDS-SM) 3.4.0 and earlier does not always
use RBAC for backend database access, which
allows remote authenticated users to read or write
to database entries via (1) the GUI or (2) a crafted
HTTP request, aka Bug ID CSCuv87025.
2015-12-12 6.5 CVE-2015-6417 CISCO
cisco -- rv016_multi-wan_vpn_firmware
The random-number generator on Cisco Small
Business RV routers 4.x and SA500 security
appliances 2.2.07 does not have sufficient entropy,
which makes it easier for remote attackers to
determine a TLS key pair via unspecified
computations upon handshake key-exchange data,
aka Bug ID CSCus15224.
2015-12-12 4.3 CVE-2015-6418 CISCO
cisco -- firesight_system_software
Cisco FireSIGHT Management Center with software
4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote
authenticated users to read arbitrary files via a
crafted GET request, aka Bug ID CSCur25410.
2015-12-12 6.8 CVE-2015-6419 CISCO
cisco -- unified_communications_domain_manager
The self-service application in Cisco Unified
Communications Domain Manager (CUCDM) 10.6(1)
allows remote authenticated users to cause a denial
of service (subapplication outage) via malformed
requests, aka Bug ID CSCuu10981.
2015-12-13 4.0 CVE-2015-6422 CISCO
cisco -- unified_communications_manager
The WebApplications Identity Management
subsystem in Cisco Unified Communications
Manager 10.5(0.98000.88) allows remote attackers
to cause a denial of service (subsystem outage) via
invalid session tokens, aka Bug ID CSCul83786.
2015-12-16 5.0 CVE-2015-6425 CISCO
cisco -- firesight_system_software
Cisco FireSIGHT Management Center allows remote
attackers to bypass the HTTP attack detection
feature and avoid triggering Snort IDS rules via an
SSL session that is mishandled after decryption, aka
Bug ID CSCux53437.
2015-12-18 5.0 CVE-2015-6427 CISCO
cisco -- dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter
Cisco DPQ3925 devices with EDVA r1 Base allow
remote attackers to obtain sensitive information via
a crafted HTTP request, aka Bug ID CSCuv03958.
2015-12-18 5.0 CVE-2015-6428 CISCO
foxitsoftware -- phantompdf
Multiple use-after-free vulnerabilities in the (1) Print
method and (2) App object handling in Foxit Reader
before 7.2.2 and Foxit PhantomPDF before 7.2.2
allow remote attackers to execute arbitrary code via
a crafted PDF document.
2015-12-16 6.8 CVE-2015-8580 CONFIRM MISC MISC
gnu -- grub2
Multiple integer underflows in Grub2 1.98 through
2.02 allow physically proximate attackers to bypass
authentication, obtain sensitive information, or
cause a denial of service (disk corruption) via
backspace characters in the (1) grub_username_get
function in grub-core/normal/auth.c or the (2)
grub_password_get function in lib/crypto.c, which
trigger an "Off-by-two" or "Out of bounds
overwrite" memory error.
2015-12-16 6.9 CVE-2015-8370 BUGTRAQ MLIST FEDORA MISC
google -- chrome
The WebPageSerializerImpl::openTagToString
function in
WebKit/Source/web/WebPageSerializerImpl.cpp in
the page serializer in Google Chrome before
47.0.2526.80 does not properly use HTML entities,
which might allow remote attackers to inject
arbitrary web script or HTML via a crafted
document, as demonstrated by a double-quote
character inside a single-quoted string.
2015-12-14 4.3 CVE-2015-6790 CONFIRM CONFIRM CONFIRM
ibm -- websphere_application_server
The Edge Component Caching Proxy in IBM
WebSphere Application Server (WAS) 8.0 before
8.0.0.12 and 8.5 before 8.5.5.8 does not properly
encrypt data, which allows remote authenticated
users to obtain sensitive information via
unspecified vectors.
2015-12-15 4.0 CVE-2015-5004 CONFIRM AIXAPAR
isc -- bind
db.c in named in ISC BIND 9.x before 9.9.8-P2 and
9.10.x before 9.10.3-P2 allows remote attackers to
cause a denial of service (REQUIRE assertion failure
and daemon exit) via a malformed class attribute.
2015-12-16 5.0 CVE-2015-8000 CONFIRM
joomla -- joomla!
Cross-site request forgery (CSRF) vulnerability in the
com_templates component in Joomla! 3.2.0
through 3.3.x and 3.4.x before 3.4.6 allows remote
attackers to hijack the authentication of unspecified
victims via unknown vectors.
2015-12-16 6.8 CVE-2015-8563 CONFIRM BID
kaspersky -- total_security_2015
Kaspersky Total Security 2015 15.0.2.361 allocates
memory with Read, Write, Execute (RWX)
permissions at predictable addresses when
protecting user-mode processes, which allows
attackers to bypass the DEP and ASLR protection
mechanisms via unspecified vectors.
2015-12-16 6.4 CVE-2015-8579 MISC MISC
mozilla -- firefox
Mozilla Firefox before 43.0 does not properly store
the properties of unboxed objects, which allows
remote attackers to execute arbitrary code via
crafted JavaScript variable assignments.
2015-12-16 6.8 CVE-2015-7204 CONFIRM CONFIRM
mozilla -- firefox
Mozilla Firefox before 43.0 does not properly
restrict the availability of IFRAME Resource Timing
API times, which allows remote attackers to bypass
the Same Origin Policy and obtain sensitive
information via crafted JavaScript code that
leverages history.back and performance.getEntries
calls, a related issue to CVE-2015-1300.
2015-12-16 5.0 CVE-2015-7207 MISC CONFIRM CONFIRM
mozilla -- firefox
Mozilla Firefox before 43.0 stores cookies
containing vertical tab characters, which allows
remote attackers to obtain sensitive information by
reading HTTP Cookie headers.
2015-12-16 5.0 CVE-2015-7208 CONFIRM CONFIRM
mozilla -- firefox
Mozilla Firefox before 43.0 mishandles the #
(number sign) character in a data: URI, which allows
remote attackers to spoof web sites via unspecified
vectors.
2015-12-16 5.0 CVE-2015-7211 CONFIRM CONFIRM
mozilla -- firefox
Integer overflow in the
MPEG4Extractor::readMetaData function in
MPEG4Extractor.cpp in libstagefright in Mozilla
Firefox before 43.0 and Firefox ESR 38.x before 38.5
on 64-bit platforms allows remote attackers to
execute arbitrary code via a crafted MP4 video file
that triggers a buffer overflow.
2015-12-16 6.8 CVE-2015-7213 CONFIRM CONFIRM
mozilla -- firefox
Mozilla Firefox before 43.0 and Firefox ESR 38.x
before 38.5 allow remote attackers to bypass the
Same Origin Policy via data: and view-source: URIs.
2015-12-16 5.0 CVE-2015-7214 CONFIRM CONFIRM
mozilla -- firefox
The importScripts function in the Web Workers API
implementation in Mozilla Firefox before 43.0
allows remote attackers to bypass the Same Origin
Policy by triggering use of the no-cors mode in the
fetch API to attempt resource access that throws an
exception, leading to information disclosure after a
rethrow.
2015-12-16 5.0 CVE-2015-7215 MISC MISC MISC CONFIRM CONFIRM
mozilla -- firefox
The gdk-pixbuf configuration in Mozilla Firefox
before 43.0 on Linux GNOME platforms incorrectly
enables the JasPer decoder, which allows remote
attackers to cause a denial of service or possibly
have unspecified other impact via a crafted JPEG
2000 image.
2015-12-16 6.8 CVE-2015-7216 CONFIRM CONFIRM
mozilla -- firefox
The gdk-pixbuf configuration in Mozilla Firefox
before 43.0 on Linux GNOME platforms incorrectly
enables the TGA decoder, which allows remote
attackers to cause a denial of service (heap-based
buffer overflow) via a crafted Truevision TGA image.
2015-12-16 4.3 CVE-2015-7217 CONFIRM CONFIRM
mozilla -- firefox
The HTTP/2 implementation in Mozilla Firefox
before 43.0 allows remote attackers to cause a
denial of service (integer underflow, assertion
failure, and application exit) via a single-byte
header frame that triggers incorrect memory
allocation.
2015-12-16 5.0 CVE-2015-7218 CONFIRM CONFIRM
mozilla -- firefox
The HTTP/2 implementation in Mozilla Firefox
before 43.0 allows remote attackers to cause a
denial of service (integer underflow, assertion
failure, and application exit) via a malformed
PushPromise frame that triggers decompressed-
buffer length miscalculation and incorrect memory
allocation.
2015-12-16 5.0 CVE-2015-7219 CONFIRM CONFIRM
mozilla -- firefox
Integer underflow in the Metadata::setData
function in MetaData.cpp in libstagefright in
Mozilla Firefox before 43.0 and Firefox ESR 38.x
before 38.5 allows remote attackers to execute
arbitrary code or cause a denial of service (incorrect
memory allocation and application crash) via an
MP4 video file with crafted covr metadata that
triggers a buffer overflow.
2015-12-16 6.8 CVE-2015-7222 CONFIRM CONFIRM
mozilla -- firefox
The WebExtension APIs in Mozilla Firefox before
43.0 allow remote attackers to gain privileges, and
possibly obtain sensitive information or conduct
cross-site scripting (XSS) attacks, via a crafted web
site.
2015-12-16 4.0 CVE-2015-7223 CONFIRM CONFIRM
ntop -- ntopng
ntopng (aka ntop) before 2.2 allows remote
authenticated users to change the login context
and gain privileges via the user cookie and
username parameter to admin/password_reset.lua.
2015-12-17 6.0 CVE-2015-8368 EXPLOIT-DB FULLDISC MISC
php -- php
The phar_get_entry_data function in ext/phar/util.c
in PHP before 5.5.30 and 5.6.x before 5.6.14 allows
remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a
.phar file with a crafted TAR archive entry in which
the Link indicator references a file that does not
exist.
2015-12-11 6.8 CVE-2015-7803 CONFIRM CONFIRM CONFIRM MLIST APPLE CONFIRM
php -- php
Off-by-one error in the phar_parse_zipfile function
in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x
before 5.6.14 allows remote attackers to cause a
denial of service (uninitialized pointer dereference
and application crash) by including the / filename in
a .zip PHAR archive.
2015-12-11 6.8 CVE-2015-7804 CONFIRM CONFIRM CONFIRM MLIST APPLE CONFIRM
phpmailer_project -- phpmailer
Multiple CRLF injection vulnerabilities in PHPMailer
before 5.2.14 allow attackers to inject arbitrary
SMTP commands via CRLF sequences in an (1) email
address to the validateAddress function in
class.phpmailer.php or (2) SMTP command to the
sendCommand function in class.smtp.php, a
different vulnerability than CVE-2012-0796.
2015-12-16 5.0 CVE-2015-8476 CONFIRM CONFIRM BID MLIST MLIST DEBIAN
schneider-electric -- proclima
Multiple buffer overflows in the F1BookView
ActiveX control in F1 Bookview in Schneider Electric
ProClima before 6.2 allow remote attackers to
execute arbitrary code via the (1) Attach, (2)
DefinedName, (3) DefinedNameLocal, (4)
ODBCPrepareEx, (5) ObjCreatePolygon, (6)
SetTabbedTextEx, or (7) SetValidationRule method,
a different vulnerability than CVE-2015-8561.
2015-12-15 6.8 CVE-2015-7918 MISC MISC MISC MISC MISC MISC MISC MISC CONFIRM
schneider-electric -- proclima
The F1BookView ActiveX control in F1 Bookview in
Schneider Electric ProClima before 6.2 allows
remote attackers to execute arbitrary code or cause
a denial of service (memory corruption) via a
crafted integer value to the (1) AttachToSS, (2)
CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5)
SwapTable method, a different vulnerability than
CVE-2015-7918.
2015-12-15 6.8 CVE-2015-8561 MISC MISC MISC MISC MISC CONFIRM
synnefoims -- internet_management_software
Cross-site scripting (XSS) vulnerability in
synnefoclient in Synnefo Internet Management
Software (IMS) 2015 allows remote attackers to
inject arbitrary web script or HTML via the
plan_name parameter to
packagehistory/listusagesdata.
2015-12-15 4.3 CVE-2015-8247 BUGTRAQ FULLDISC
theforeman -- foreman
Multiple cross-site scripting (XSS) vulnerabilities in
information popups in Foreman before 1.10.0 allow
remote attackers to inject arbitrary web script or
HTML via (1) global parameters, (2) smart class
parameters, or (3) smart variables in the (a) host or
(b) hostgroup edit forms.
2015-12-17 4.3 CVE-2015-7518 MLIST CONFIRM CONFIRM
xen -- xen The memory_exchange function in
common/memory.c in Xen 3.2.x through 4.6.x does
not properly hand back pages to a domain, which
might allow guest OS administrators to cause a
denial of service (host crash) via unspecified vectors
related to domain teardown.
2015-12-17 4.7 CVE-2015-8339 CONFIRM CONFIRM
xen -- xen The memory_exchange function in
common/memory.c in Xen 3.2.x through 4.6.x does
not properly release locks, which might allow guest
OS administrators to cause a denial of service
(deadlock or host crash) via unspecified vectors,
related to XENMEM_exchange error handling.
2015-12-17 4.7 CVE-2015-8340 CONFIRM CONFIRM
xmlsoft -- libxml2 Heap-based buffer overflow in the
xmlDictComputeFastQKey function in dict.c in
libxml2 before 2.9.3 allows context-dependent
attackers to cause a denial of service via unspecified
vectors.
2015-12-15 5.0 CVE-2015-7497 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT
xmlsoft -- libxml2 Heap-based buffer overflow in the
xmlParseXmlDecl function in parser.c in libxml2
before 2.9.3 allows context-dependent attackers to
cause a denial of service via unspecified vectors
related to extracting errors after an encoding
conversion failure.
2015-12-15 5.0 CVE-2015-7498 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT
xmlsoft -- libxml2 Heap-based buffer overflow in the xmlGROW
function in parser.c in libxml2 before 2.9.3 allows
context-dependent attackers to obtain sensitive
process memory information via unspecified
vectors.
2015-12-15 5.0 CVE-2015-7499 CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT
xmlsoft -- libxml2 The xmlParseMisc function in parser.c in libxml2
before 2.9.3 allows context-dependent attackers to
cause a denial of service (out-of-bounds heap read)
via unspecified vectors related to incorrect entities
boundaries and start tags.
2015-12-15 5.0 CVE-2015-7500 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT
xmlsoft -- libxml2 The xmlNextChar function in libxml2 2.9.2 does not
properly check the state, which allows context-
dependent attackers to cause a denial of service
(heap-based buffer over-read and application
crash) or obtain sensitive information via crafted
XML data.
2015-12-15 6.4 CVE-2015-8241 CONFIRM CONFIRM CONFIRM UBUNTU MLIST MLIST REDHAT REDHAT
xmlsoft -- libxml2 The xmlSAX2TextNode function in SAX2.c in the
push interface in the HTML parser in libxml2 before
2.9.3 allows context-dependent attackers to cause a
denial of service (stack-based buffer over-read and
application crash) or obtain sensitive information
via crafted XML data.
2015-12-15 5.8 CVE-2015-8242 CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU MLIST MLIST REDHAT REDHAT
xmlsoft -- libxml2 The xmlParseXMLDecl function in parser.c in
libxml2 before 2.9.3 allows context-dependent
attackers to obtain sensitive information via an (1)
unterminated encoding value or (2) incomplete
XML declaration in XML data, which triggers an out-
of-bounds heap read.
2015-12-15 5.0 CVE-2015-8317 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC UBUNTU MLIST MLIST REDHAT
Low Severity Vulnerabilities
The Primary Vendor --- Product
Description Date Published CVSS Score
The CVE Identity
apple -- iphone_os CFNetwork HTTPProtocol in Apple iOS before 9.2 and
OS X before 10.11.2 allows man-in-the-middle
attackers to bypass the HSTS protection mechanism
via a crafted URL.
2015-12-11 2.6 CVE-2015-7094 CONFIRM CONFIRM APPLE APPLE
cisco -- telepresence_video_communication_server_software
Cisco TelePresence Video Communication Server
(VCS) X8.6 uses the same encryption key across
different customers' installations, which makes it
easier for local users to defeat cryptographic
protection mechanisms by leveraging knowledge of
a key from another installation, aka Bug ID
CSCuw64516.
2015-12-12 2.1 CVE-2015-6414 CISCO
mcafee -- virusscan_enterprise
The Buffer Overflow Protection (BOP) feature in
McAfee VirusScan Enterprise before 8.8 Patch 6
allocates memory with Read, Write, Execute (RWX)
permissions at predictable addresses on 32-bit
platforms when protecting another application,
which allows attackers to bypass the DEP and ASLR
protection mechanisms via unspecified vectors.
2015-12-16 2.6 CVE-2015-8577 CONFIRM MISC MISC
redhat -- jboss_enterprise_application_platform
Red Hat JBoss Enterprise Application Platform (EAP)
before 6.4.5 does not properly authorize access to
shut down the server, which allows remote
authenticated users with the Monitor, Deployer, or
Auditor role to cause a denial of service via
unspecified vectors.
2015-12-16 3.5 CVE-2015-5304 CONFIRM SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT
symantec -- endpoint_encryption
EACommunicatorSrv.exe in the Framework Service
in the client in Symantec Endpoint Encryption (SEE)
before 11.1.0 allows remote authenticated users to
discover credentials by triggering a memory dump.
2015-12-18 2.3 CVE-2015-6556 CONFIRM BID
token_insert_entity_project -- token_insert_entity
The Token Insert Entity module 7.x-1.x before 7.x-1.1
for Drupal does not properly check permissions,
which allows remote authenticated users with
certain permissions to bypass intended access
restrictions and possibly obtain sensitive
information by inserting a token, which embeds a
rendered entity in the main node.
2015-12-17 3.5 CVE-2015-8602 MISC CONFIRM
• Sources: http://nvd.nist.gov (for more information, visit the National Vulnerability Database (NVD), which
contains a database of every vulnerability that has ever been published).
Uganda Communications Commission – UGCERT
Email: [email protected] Tel: +256 414 302 100/150 Toll Free: 0800 133 911
Website: www.ug-cert.ug Facebook / Twitter: UGCERT